VMware vCenter Server 6.0.x < 6.0u2 Unspecified HTTP Header Injection (VMSA-2016-0010)
Medium Nessus Plugin ID 92870
SynopsisA virtualization management application installed on the remote host is affected by an HTTP header injection vulnerability.
DescriptionThe version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u2. It is, therefore, affected by an HTTP header injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
SolutionUpgrade to VMware vCenter Server version 6.0u2 (6.0.0 build-3634788) or later.