Vulnerabilities > CVE-2005-3620 - Unspecified vulnerability in VMWare ESX
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 5 |
References
- http://kb.vmware.com/kb/2118366
- http://kb.vmware.com/kb/2118366
- http://secunia.com/advisories/21230
- http://secunia.com/advisories/21230
- http://www.corsaire.com/advisories/c051114-003.txt
- http://www.corsaire.com/advisories/c051114-003.txt
- http://www.kb.cert.org/vuls/id/822476
- http://www.kb.cert.org/vuls/id/822476
- http://www.securityfocus.com/archive/1/441727/100/100/threaded
- http://www.securityfocus.com/archive/1/441727/100/100/threaded
- http://www.securityfocus.com/archive/1/441825/100/100/threaded
- http://www.securityfocus.com/archive/1/441825/100/100/threaded
- http://www.securityfocus.com/bid/19249
- http://www.securityfocus.com/bid/19249
- http://www.vupen.com/english/advisories/2006/3075
- http://www.vupen.com/english/advisories/2006/3075
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28112