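Vulnerability Details
VMware VirtualCenter and VMware ESX 'WebAccess' Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-201004-001
- Severity: Medium
- CVE ID: CVE-2009-2277
- Vulnerability type: Cross-site scripting
- Published: 2010-03-29
- Threat type: Remote
- Updated: 2010-04-01
- Vendor: vmware
- Vulnerability source: VMware
Vulnerability Summary
VMware ESX is a virtual server system from VMware, a US company.
WebAccess in VMware VirtualCenter and VMware ESX contains a cross-site scripting vulnerability. A remote attacker can inject arbitrary web script or HTML via vectors related to "context data".
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: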
VMWare ESX Server 3.5 ESX350-200906407
VMWare ESX350-201003403-SG
http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
VMWare VirtualCenter 2.0.2 Update 4
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare VirtualCenter 2.5
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare VirtualCenter 2.0.2 Update 1
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare ESX Server 3.5 ESX350-200910401
VMWare ESX350-201003403-SG
http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
VMWare VirtualCenter 2.0.2 Update 3
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare VirtualCenter 2.5 Update 1
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare ESX Server 3.5 ESX350-200904401
VMWare ESX350-201003403-SG
http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
VMWare VirtualCenter 2.0.2 Update 5
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare VirtualCenter 2.5 Update 5
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare VirtualCenter 2.0.2 Update 2
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare ESX Server 3.5
VMWare ESX350-201003403-SG
http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
VMWare VirtualCenter 2.5 Update 2
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare VirtualCenter 2.0.2
VMWare VMware Virtual Center 2.5 Update 6
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMWare ESX Server 3.0.3 ESX303-200812406-BG
VMWare ESX350-201003403-SG
http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
VMWare ESX Server 3.0.3 ESX303-200910401-BG
VMWare ESX350-201003403-SG
http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
VMWare ESX Server 3.0.3
VMWare ESX350-201003403-SG
http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
VMWare ESX Server 3.0.3 ESX303-200905401-SG
VMWare ESX350-201003403-SG
http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
References
Source: www.vmware.com
Link: http://www.vmware.com/security/advisories/VMSA-2010-0005.HTML
Source: BID
Name: 39037
Link: http://www.securityfocus.com/bid/39037
Source: MLIST
Name: [security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess
Link: http://lists.vmware.com/pipermail/security-announce/2010/000086.HTML
Affected Entities
- Vmware Esx_server:3.0.3
- Vmware Esx_server:3.5
- Vmware Virtualcenter:2.5
- Vmware Virtualcenter:2.0.2
Patches
- VMware ESX 3.5, Patch ESX350-201003403-SG: Updates VMware-webCenter-esx