Skip to main content

Configuration

CVE-2011-4404

Severity Medium
Score 5/10

Summary

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

  • LOW
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

  • Published