Security scan of vCenter Server 5.1 reports the message: Multiple Server Crafted Request WEB-INF Directory Information Disclosure
search cancel

Security scan of vCenter Server 5.1 reports the message: Multiple Server Crafted Request WEB-INF Directory Information Disclosure

book

Article ID: 336113

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Security scanners detect an information disclosure vulnerability on ports 9090 and 9443 on the Windows Server operating system running vCenter Server 5.1.
  • A security scan of vCenter Server 5.1 may report this vulnerability:

    Multiple Server Crafted Request WEB-INF Directory Information Disclosure


Environment

VMware vCenter Server 5.1.x

Resolution

The VMware Security Response Center has indicated that there is no potential to obtain sensitive data from this exploit.

Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box

Note: Affected Common Vulnerabilities and Exposures (CVE) include:
  • CVE-2002-1855
  • CVE-2002-1856
  • CVE-2002-1857
  • CVE-2002-1858
  • CVE-2002-1859
  • CVE-2002-1860
  • CVE-2002-1861


Powered by Wolken Software