VMware vCenter Orchestrator remote code execution vulnerability
Posted: 15/3/11 by komz in Etiquetas: Remote Code Execution Vulnerability, vulnerabilidad en VMWare, Vulnerabilidades
0
A vulnerability in VMware vCenter Orchestrator(vCO) could allow remote execution.
The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote execution of code vulnerability could allow malicious users to bypass the '#'-usage protection built into the ParametersInterceptor, which could allow server side context objects to be manipulated.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1870 to this vulnerability.
VMWARE SECURITY ADVISORY