CVE-2011-0426

Description

Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.

Affected products

• VMware / vCenter4.0 – 4.0
• VMware / vCenter4.0 – 4.0
• VMware / vCenter4.0 – 4.0
• VMware / vCenter4.1 – 4.1
• VMware / virtualcenter2.5 – 2.5
• VMware / virtualcenter2.5 – 2.5
• VMware / virtualcenter2.5 – 2.5
• VMware / virtualcenter2.5 – 2.5
• VMware / virtualcenter2.5 – 2.5
• VMware / virtualcenter2.5 – 2.5

References

• MAILING_LISThttp://lists.vmware.com/pipermail/security-announce/2011/000137.html
• MISChttp://securitytracker.com/id?1025502
• VENDOR_ADVISORYhttp://www.vmware.com/security/advisories/VMSA-2011-0008.html