CVE-2017-4928

Published: 17 Nov 2017
Source: nvd
CVSS3: 7.5
CVSS2: 5
EPSS: Low

Description

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:2d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:2e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:3e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:2m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*

EPSS

Percentile: 38%
Score: 0.00166
Low

CVSS3: 7.5 High

CVSS2: 5 Medium

Weaknesses

CWE-352

Related vulnerabilities

CVSS3: 7.5
github
more than 3 years ago
