CVE-2010-0686

VMware VirtualCenter 2.0.2 and 2.5 - Request Origin Spoofing via URL Forwarding

Title source: llm
STIX 2.1

Description

WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."

References (4)

Core 4
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39037
Patch, Vendor Advisory mailing-list x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2010/000086.html
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2010-0005.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023769

Scores

EPSS 0.0106
EPSS Percentile 77.9%

Details

CWE
CWE-20
Status published
Products (5)
vmware/esx_server 3.0.3
vmware/esx_server 3.5
vmware/server 2.0.0
vmware/virtualcenter 2.0.2
vmware/virtualcenter 2.5
Published Apr 01, 2010
Tracked Since Feb 18, 2026