exploit the possibilities
Showing 1 - 1 of 1 RSS Feed


VMware Security Advisory 2010-0012
Posted Jul 20, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - The default version of the Jetty Web server in Update Manager is version 6.1.6 for which the following relevant vulnerabilities are reported. A directory traversal vulnerability in Jetty allows for obtaining files from the system where Update Manager is installed by a remote, unauthenticated attacker. The attacker would need to be on the same network as the system where Update Manager is installed. A cross-site scripting vulnerability in Jetty allows for running JavaScript in the browser of the user who clicks a URL containing a malicious request to Update Manager. For an attack to be successful the attacker would need to lure the user into clicking the malicious URL.

tags | advisory, remote, web, javascript, vulnerability, xss
advisories | CVE-2009-1523, CVE-2009-1524
MD5 | 9bba7d347077265fa082cc0c7a7e5b28
Page 1 of 1

Top Authors In Last 30 Days

packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By