| Vulnerability Name: | CVE-2005-4583 (CCN-23880) |
| Assigned: | 2005-12-24 |
| Published: | 2005-12-24 |
| Updated: | 2018-10-30 |
| Summary: | Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). |
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2005-4583; Source: CCN Type: SA18250 VMware ESX Server Management Interface Script Insertion; Source: SECUNIA Type: Patch, Vendor Advisory 18250; Source: CCN Type: SECTRACK ID: 1015422 VMware ESX Server Input Validation Flaw in Management Interface Log Viewer Permits Cross-Site Scripting Attacks; Source: SECTRACK Type: Exploit, Patch 1015422; Source: OSVDB Type: Patch 22119; Source: CCN Type: OSVDB ID: 22119 VMware ESX Server Management Interface Unspecified XSS; Source: BID Type: Patch 16086; Source: CCN Type: BID-16086 VMWare ESX Server Management Interface HTML Injection Vulnerability; Source: CCN Type: VMware Knowledge Base Article 2001 Security Response to Remote Code Execution Vulnerability in VMware Management Interface; Source: CONFIRM Type: Patch http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001; Source: VUPEN Type: Vendor Advisory ADV-2005-3084; Source: XF Type: UNKNOWN vmware-esx-manager-code-execution(23880) |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |