SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   VMware ESX Server Vendors:   VMware, Inc.
(VMware Issues Fix for ESX Server) Tomcat Input Validation Hole in Host Manager Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1023045
SecurityTracker URL:  http://securitytracker.com/id/1023045
CVE Reference:   CVE-2008-1947   (Links to External Site)
Date:  Oct 16 2009
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.5
Description:   A vulnerability was reported in Tomcat in the Host Manager application. A remote user can conduct cross-site scripting attacks. VMware ESX Server is affected.

The Host Manager web application does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Tomcat software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Tomcat software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   VMware has issued a fix for ESX Server.

ESX 3.5
-------
ESX350-200910403-SG
http://download3.vmware.com/software/vi/ESX350-200910403-SG.zip
md5sum: 0e90be5bd6aa986dc2356563e809a54f
sha1sum: a5968cf6db78e28d79a4fd0b4df172cadf0f7129
http://kb.vmware.com/kb/1013126

The VMware advisory is available at:

http://www.vmware.com/security/advisories/
Cause:   Input validation error
Underlying OS:  

Message History:   This archive entry is a follow-up to the message listed below.
Aug 4 2008 Tomcat Input Validation Hole in Host Manager Permits Cross-Site Scripting Attacks


 Source Message Contents
Date:  Fri, 16 Oct 2009 09:45:26 -0700
Subject:  [Security-announce] UPDATED VMSA-2009-0002.1 VirtualCenter Update 4


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0002.1
Synopsis:          VirtualCenter Update 4 and ESX patch update Tomcat
                   to version 5.5.27
Issue date:        2009-02-23
Updated on:        2009-10-16
CVE numbers:       CVE-2008-1232 CVE-2008-1947 CVE-2008-2370
- ------------------------------------------------------------------------

1. Summary

   Updated VMware VirtualCenter Update 4 and ESX patch update Tomcat
   packages.

2. Relevant releases

   VirtualCenter 2.5 before Update 4
   ESX 3.5 without patch ESX350-200910403-SG

3. Problem Description

 a. Update for VirtualCenter and ESX patch update Apache Tomcat version
    to 5.5.27

   Update for VirtualCenter and ESX patch update the Tomcat package to
   version 5.5.27 which addresses multiple security issues that existed
   in the previous version of Apache Tomcat.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2008-1232, CVE-2008-1947 and
   CVE-2008-2370 to these issues.

   The following table lists what action remediates the vulnerability
   (column 4) if a solution is available.

   VMware        Product   Running  Replace with/
   Product       Version   on       Apply Patch
   ========      ========  =======  =======================
   vCenter       4.0       Windows  affected, patch pending **
   VirtualCenter 2.5       Windows  VirtualCenter 2.5 Update 4
   VirtualCenter 2.0.2     Windows  affected, patch pending

   Workstation   any       any      not affected

   Player        any       any      not affected

   ACE           any       Windows  not affected

   Server        2.x       any      affected, patch pending
   Server        1.x       any      not affected

   Fusion        any       Mac OS/X not affected

   ESXi          any       ESXi     not affected

   ESX           4.0       ESX      affected, patch pending **
   ESX           3.5       ESX      ESX350-200910403-SG
   ESX           3.0.3     ESX      affected, patch pending
   ESX           3.0.2     ESX      affected, end of life
   ESX           2.5.5     ESX      not affected

   ** Tomcat will be updated to version 6.0.20 in the next update release

 Note: These vulnerabilities can be exploited remotely only if the
        attacker has access to the Service Console network.

        Security best practices provided by VMware recommend that the
        Service Console be isolated from the VM network. Please see
        http://www.vmware.com/resources/techresources/726 for more
        information on VMware security best practices.

        The currently installed version of Tomcat depends on your patch
        deployment history.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   VirtualCenter
   -------------
   VMware VirtualCenter 2.5 Update 4
   http://www.vmware.com/download/download.do?downloadGroup=VC250U4
   DVD iso image
   md5sum: 4304334ed7662b6a43646e6dde0956d2
   Zip file
   md5sum: 1306cb9b25e28a06bab84257d7cbf38f
   Release Notes
   http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html

   ESX 3.5
   -------
   ESX350-200910403-SG
   http://download3.vmware.com/software/vi/ESX350-200910403-SG.zip
   md5sum: 0e90be5bd6aa986dc2356563e809a54f
   sha1sum: a5968cf6db78e28d79a4fd0b4df172cadf0f7129
   http://kb.vmware.com/kb/1013126

5. References

   Tomcat release notes
   http://tomcat.apache.org/security-5.html

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370

- ------------------------------------------------------------------------
6. Change log

2009-02-23  VMSA-2009-0002
Initial security advisory after release of VirtualCenter 2.5 Update 4
on 2009-02-23.
2009-10-16  VMSA-2009-0002.1
Updated after release of ESX 3.5 patch 18 on 2009-10-16.
 
- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFK2KMcS2KysvBH1xkRArSqAJ48tFf8rlBUU5/vCNBmM7Rb3C5+LACfV3xS
t/ZgK6V7hJYf1KK4S0SRPtI=
=GRKY
-----END PGP SIGNATURE-----

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC