VMSA-2009-0017 : VMware vCenter, ESX patch and vCenter Lab Manager releases address XSS issues

medium Nessus Plugin ID 52012

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

a. WebWorks Help - Cross-site scripting vulnerability

WebWorks Help is an output format that allows online Help to be delivered on multiple platforms and browsers, which makes it easy to publish information on the Web or on an enterprise intranet.
WebWorks Help is used for creating the online help pages that are available in VMware WebAccess, Lab Manager and Stage Manager.

WebWorks Help doesn't sufficiently sanitize incoming requests, which may result in cross-site scripting vulnerabilities in applications that are built with WebWorks Help.

Exploitation of these vulnerabilities in VMware products requires tricking a user into clicking on a malicious link or opening a malicious web page while they are logged in to vCenter, ESX or VMware Server using WebAccess, or logged in to Stage Manager or Lab Manager.

Successful exploitation can lead to theft of user credentials. These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.

Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.

Client-side protection measures included with current browsers are not always able to prevent these attacks from being executed.

VMware would like to thank Daniel Grzelak and Alex Kouzemtchenko of stratsec (www.stratsec.net) for finding and reporting this issue.
VMware would also like to thank Ben Allums of WebWorks.com for working on the remediation of this issue with us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3731 to this issue.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2009/000073.html

Plugin Details

Severity: Medium

ID: 52012

File Name: vmware_VMSA-2009-0017.nasl

Version: 1.12

Type: local

Published: 2/17/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:vmware:esx:4.0

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 12/15/2009

Reference Information

CVE: CVE-2009-3731

BID: 37346

CWE: 79

VMSA: 2009-0017