CVE-2006-5990
VMware VirtualCenter 2.x < 2.0.1 Patch 1 and 1.4.x < 1.4.1 Patch 1 - Server Certificate Verification Bypass
Title source: llmDescription
VMware VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.
References (8)
Core References
http://kb.vmware.com/kb/4646606 (Various Sources; x_refsource_confirm)
http://www.vupen.com/english/advisories/2006/4655 (Vendor Advisory; vdb-entry; x_refsource_vupen)
http://securitytracker.com/id?1017270 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://www.securityfocus.com/archive/1/452275/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://www.vmware.com/download/vi/vc-201-200611-patch.html (Patch; x_refsource_misc)
http://secunia.com/advisories/23053 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://www.securityfocus.com/bid/21231 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30477 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
Scores
EPSS: 0.0037
EPSS Percentile: 58.7%
Details
CWE: CWE-20
Status: published
Products (2)
vmware/virtualcenter 1.4.1
vmware/virtualcenter 2.0.1
Published: Nov 21, 2006
Tracked Since: Feb 18, 2026