Vulnerabilities > CVE-2005-3620 - Information Disclosure vulnerability in VMware ESX

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

vmware

NVD

Published: 2005-12-31

Updated: 2018-10-30

Summary

The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.

Vulnerable Configurations

Part	Description	Count
OS	Vmware Vmware ESX 2.0.1 Vmware ESX 2.1.1 Vmware ESX 2.1.2 Vmware ESX 2.5.2	5

References

http://kb.vmware.com/kb/2118366
http://secunia.com/advisories/21230
http://www.corsaire.com/advisories/c051114-003.txt
http://www.kb.cert.org/vuls/id/822476
http://www.securityfocus.com/archive/1/441727/100/100/threaded
http://www.securityfocus.com/archive/1/441825/100/100/threaded
http://www.securityfocus.com/bid/19249
http://www.vupen.com/english/advisories/2006/3075
https://exchange.xforce.ibmcloud.com/vulnerabilities/28112