5

CVE-2006-2481

VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareEsx Version2.0
VMwareEsx Version2.0.1
VMwareEsx Version2.1
VMwareEsx Version2.1.1
VMwareEsx Version2.1.2
VMwareEsx Version2.5
VMwareEsx Version2.5.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.06% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.vmware.com/kb/2118366
http://secunia.com/advisories/21230
Vendor Advisory
http://www.securityfocus.com/archive/1/441825/100/100/threaded
http://www.vupen.com/english/advisories/2006/3075
Vendor Advisory
http://www.securityfocus.com/bid/19249
http://www.corsaire.com/advisories/c060512-001.txt
Vendor Advisory
http://www.securityfocus.com/archive/1/441728/100/100/threaded