What is CVE-2011-4404?

CVE-2011-4404 is a vulnerability in Vmware Vcenter_update_manager, classified under CWE-16. Published 2011-11-19.

Is CVE-2011-4404 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vmware Vcenter_update_manager

CVE-2011-4404

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary…

EPSS: 0.833 (99.3th percentile) — read the EPSS interpretation.

Affected products

Vmware Vcenter_update_manager — versions 4.0, 4.1
N/a — versions n/a

Weakness classification (CWE)

CWE-16

Public proof-of-concept exploits

rapid7/metasploit-framework

References

1026341 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2011-4404?: CVE-2011-4404 is a vulnerability in Vmware Vcenter_update_manager, classified under CWE-16. Published 2011-11-19.
Is CVE-2011-4404 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.