VMware vCenter Server CRLF Injection and Server Side Request Forgery Security Bypass Vulnerabilities

Bugtraq ID: 101785
Class: Design Error
CVE: CVE-2017-4928
Remote: Yes
Local: No
Published: Nov 09 2017 12:00AM
Updated: Nov 19 2017 12:07AM
Credit: ricterzheng @ Tencent Yunding Lab
Vulnerable: VMware vCenter Server 6.0
    VMware vCenter Server 5.5
Not Vulnerable: VMware vCenter Server 6.0 U3c
    VMware vCenter Server 5.5 U3f


 

Copyright 2010, SecurityFocus