Vulnerabilities > CVE-2006-2481 - Credentials Management vulnerability in VMWare ESX
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 7 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | VMware ESX 2.x Multiple Information Disclosure Vulnerabilities. CVE-2006-2481. Remote exploits for multiple platform |
| id | EDB-ID:28312 |
| last seen | 2016-02-03 |
| modified | 2006-07-31 |
| published | 2006-07-31 |
| reporter | Stephen de Vries |
| source | https://www.exploit-db.com/download/28312/ |
| title | VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities |
References
- http://kb.vmware.com/kb/2118366
- http://kb.vmware.com/kb/2118366
- http://secunia.com/advisories/21230
- http://secunia.com/advisories/21230
- http://www.corsaire.com/advisories/c060512-001.txt
- http://www.corsaire.com/advisories/c060512-001.txt
- http://www.securityfocus.com/archive/1/441728/100/100/threaded
- http://www.securityfocus.com/archive/1/441728/100/100/threaded
- http://www.securityfocus.com/archive/1/441825/100/100/threaded
- http://www.securityfocus.com/archive/1/441825/100/100/threaded
- http://www.securityfocus.com/bid/19249
- http://www.securityfocus.com/bid/19249
- http://www.vupen.com/english/advisories/2006/3075
- http://www.vupen.com/english/advisories/2006/3075