ID de Prueba:	1.3.6.1.4.1.25623.1.0.105853
Categoría:	Web application abuses
Título:	VMware ESXi Multiple Vulnerabilities (VMSA-2016-0010) - Active Check
Resumen:	ESXi contains an HTTP header injection vulnerability due to; lack of input validation. An attacker can exploit this issue to set arbitrary HTTP response; headers and cookies, which may allow for cross-site scripting and malicious redirect attacks.
Descripción:	Summary: ESXi contains an HTTP header injection vulnerability due to lack of input validation. An attacker can exploit this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks. Affected Software/OS: VMWare ESXi 6.0 without patch ESXi600-201603101-SG. Solution: Apply the missing patch(es). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5331 BugTraq ID: 92324 http://www.securityfocus.com/bid/92324 Bugtraq: 20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) (Google Search) http://www.securityfocus.com/archive/1/539128/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/38 http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html http://www.securitytracker.com/id/1036543 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.