VMware vCenter Server 6.0.x < 6.0u2 Unspecified HTTP Header Injection (VMSA-2016-0010)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A virtualization management application installed on the remote host
is affected by an HTTP header injection vulnerability.

Description :

The version of VMware vCenter Server installed on the remote host is
6.0.x prior to 6.0u2. It is, therefore, affected by an HTTP header
injection vulnerability due to improper sanitization of user-supplied
input. A remote attacker can exploit this to inject arbitrary HTTP
headers and conduct HTTP response splitting attacks.

See also :

https://www.vmware.com/security/advisories/VMSA-2016-0010.html

Solution :

Upgrade to VMware vCenter Server version 6.0u2 (6.0.0 build-3634788)
or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 92870

Bugtraq ID: 92324

CVE ID: CVE-2016-5331
