Improper input validation in Vmware Esx_server

CVE-2010-0686

WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forw…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.011 (78.0th percentile) — read the EPSS interpretation.

Affected products

Vmware Esx_server — versions 3.0.3, 3.5
Vmware Server — versions 2.0.0
Vmware Virtualcenter — versions 2.5, 2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
39037 (Patch, vdb-entry, x_refsource_BID)
1023769 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)