1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: VMware Directory Traversal CVE-2009-3733

Web Attack: VMware Directory Traversal CVE-2009-3733

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a directory traversal vulnerability in VMware products.

Additional Information

VMware is a set of server-emulation applications available for several platforms.

Multiple VMware products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Attackers on the same subnetwork may use a specially crafted request to retrieve arbitrary files from the host operating system.

A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information that could aid in further attacks.

Affected

  • VMWare Server 2.0.1 build 156745
  • VMWare Server 2.0.1
  • VMWare Server 1.0.9 build 156507
  • VMWare Server 1.0.9
  • VMWare Server 1.0.8 build 126538
  • VMWare Server 1.0.8
  • VMWare Server 1.0.7 build 108231
  • VMWare Server 1.0.7
  • VMWare Server 1.0.6 build 91891
  • VMWare Server 1.0.6
  • VMWare Server 1.0.5 Build 80187
  • VMWare Server 1.0.5
  • VMWare Server 1.0.4
  • VMWare Server 1.0.3
  • VMWare Server 1.0.2
  • VMWare Server 2.0
  • VMWare ESXi Server 3.5 ESXe350-20090440
  • VMWare ESXi Server 3.5
  • VMWare ESX Server 3.0.3
  • VMWare ESX Server 3.0.3
  • VMWare ESX Server 3.5 ESX350-200906407
  • VMWare ESX Server 3.5 ESX350-200904401
  • VMWare ESX Server 3.5
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube