VMware ESX WebAccess Context Data XSS (VMSA-2010-0005)

Medium Nessus Plugin ID 45414

Synopsis

An application hosted on the remote web server has a cross-site scripting vulnerability.

Description

The version of WebAccess hosted on the remote VMware ESX server has a cross-site scripting vulnerability. It is possible to specify which XML web service to use for a given session by passing a specially crafted value to the 'view' parameter of '/ui/vmDirect.do'.

A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, causing all SOAP requests (including cleartext authentication credentials) to be sent to a host that is controlled by the attacker.

This version of ESX likely has other vulnerabilities, though Nessus has not checked for those.

Solution

Apply the relevant patch referenced in the VMware advisory, or disable WebAccess.

See Also

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2010-002/?fid=3766&dl=1

https://seclists.org/bugtraq/2010/Mar/250

https://www.vmware.com/security/advisories/VMSA-2010-0005.html

Plugin Details

Severity: Medium

ID: 45414

File Name: vmware_info_leak_vmsa_2010_0005.nasl

Version: 1.16

Type: remote

Published: 4/5/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:a:vmware:esx_server

Required KB Items: www/vmware_hostd

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 3/29/2010

Vulnerability Publication Date: 3/29/2010

Reference Information

CVE: CVE-2009-2277

BID: 39106

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

Secunia: 39171

VMSA: 2010-0005