9

CVE-2008-2097

Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareEsx Version3.5
VMwareEsxi Version3.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.89% 0.889
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
Vendor Advisory
http://www.vupen.com/english/advisories/2008/1744
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://secunia.com/advisories/30581
Vendor Advisory
http://secunia.com/advisories/30556
Vendor Advisory
http://securityreason.com/securityalert/3922
http://securitytracker.com/id?1020199
http://www.securityfocus.com/bid/29547
https://exchange.xforce.ibmcloud.com/vulnerabilities/42875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5759