5

CVE-2009-3733

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareEsx Version3.0.3
VMwareEsx Version3.5
VMwareEsxi Version3.5
VMwareServer Version1.0
VMwareServer Version1.0.1
VMwareServer Version1.0.1_build_29996
VMwareServer Version1.0.2
VMwareServer Version1.0.3
VMwareServer Version1.0.4
VMwareServer Version1.0.4_build_56528
VMwareServer Version1.0.5
VMwareServer Version1.0.6
VMwareServer Version1.0.7
VMwareServer Version1.0.8
VMwareServer Version1.0.9
VMwareServer Version2.0.0
   LinuxLinux Kernel Version-
VMwareServer Version2.0.1
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 90.06% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://securitytracker.com/id?1023088
Third Party Advisory
VDB Entry
http://securitytracker.com/id?1023089
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/36842
Third Party Advisory
VDB Entry