Vulnerabilities > CVE-2005-3620 - Information Disclosure vulnerability in VMware ESX
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 5 |
References
- http://kb.vmware.com/kb/2118366
- http://secunia.com/advisories/21230
- http://www.corsaire.com/advisories/c051114-003.txt
- http://www.kb.cert.org/vuls/id/822476
- http://www.securityfocus.com/archive/1/441727/100/100/threaded
- http://www.securityfocus.com/archive/1/441825/100/100/threaded
- http://www.securityfocus.com/bid/19249
- http://www.vupen.com/english/advisories/2006/3075
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28112