Vulnerability Team: VMware vCenter Orchestrator remote code execution vulnerability

VMware vCenter Orchestrator remote code execution vulnerability

Posted: 15/3/11 by komz in Etiquetas: Remote Code Execution Vulnerability, vulnerabilidad en VMWare, Vulnerabilidades

A vulnerability in VMware vCenter Orchestrator(vCO) could allow remote execution.

VMware vCenter Orchestrator is an application to automate management tasks. It embeds Apache Struts (version 2.0.11) which is a third party component.

The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote execution of code vulnerability could allow malicious users to bypass the '#'-usage protection built into the ParametersInterceptor, which could allow server side context objects to be manipulated.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1870 to this vulnerability.

VMWARE SECURITY ADVISORY

Vulnerability Team

NIVEL DE VULNERABILIDADES

follow me on Twitter

SOCIAL NETWORK

FOLLOW US ON FACEBOOK

YOUR IP

TRADUCTOR

Herramientas ONLINE

BUSCADOR DE GOOGLE

CATEGORIAS

LINKS

LABELS

VMware vCenter Orchestrator remote code execution vulnerability

0 comentarios: