Test ID:	1.3.6.1.4.1.25623.1.0.105850
Category:	General
Title:	VMware ESXi product updates address multiple important security issues (VMSA-2016-0010) - Remote Version Check
Summary:	ESXi contain an HTTP header injection vulnerability due to lack of input validation. An attacker can exploit; this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks.
Description:	Summary: ESXi contain an HTTP header injection vulnerability due to lack of input validation. An attacker can exploit this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks. Affected Software/OS: ESXi 6.0 without patch ESXi600-201603101-SG. Solution: Apply the missing patch(es). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5331 BugTraq ID: 92324 http://www.securityfocus.com/bid/92324 Bugtraq: 20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) (Google Search) http://www.securityfocus.com/archive/1/539128/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/38 http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html http://www.securitytracker.com/id/1036543 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.