ID de Prueba:	1.3.6.1.4.1.25623.1.0.105854
Categoría:	Web application abuses
Título:	VMware Security Updates for vCenter Server (VMSA-2016-0010) - Active Check
Resumen:	vCenter contain an HTTP header injection vulnerability due to; lack of input validation.
Descripción:	Summary: vCenter contain an HTTP header injection vulnerability due to lack of input validation. Vulnerability Impact: An attacker can exploit this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks. Solution: Update to version 6.0 U2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5331 BugTraq ID: 92324 http://www.securityfocus.com/bid/92324 Bugtraq: 20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) (Google Search) http://www.securityfocus.com/archive/1/539128/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/38 http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html http://www.securitytracker.com/id/1036543 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.