CVE-2011-4404

VMware vCenter Update Manager - Directory Traversal and Arbitrary File Read

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-4404. PoCs published by Alexey Sintsov, Alexey Sintsov, sinn3r, including Metasploit module auxiliary/scanner/vmware/vmware_update_manager_traversal.

AI-analyzed exploit summary This is a technical writeup detailing a directory traversal vulnerability in VMware Update Manager's Jetty web server, allowing unauthenticated file reads. It includes a sample exploit URL and references to vendor advisories.

Description

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

Exploits (2)

exploitdb WRITEUP
by Alexey Sintsov · textremotewindows
https://www.exploit-db.com/exploits/18138

This is a technical writeup detailing a directory traversal vulnerability in VMware Update Manager's Jetty web server, allowing unauthenticated file reads. It includes a sample exploit URL and references to vendor advisories.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: VMware Update Manager (vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4.0 prior to Update 4)
No auth needed
Prerequisites: Network access to the target VMware Update Manager instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC
by Alexey Sintsov, sinn3r · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_update_manager_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in VMware Update Manager (CVE-2011-4404) to retrieve arbitrary files from the server. It sends a crafted HTTP GET request with traversal sequences to access files outside the intended directory.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: VMware vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4
No auth needed
Prerequisites: Network access to port 9084 on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026341
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0014.html

Scores

EPSS 0.6323
EPSS Percentile 99.1%

Details

CWE
CWE-16
Status published
Products (2)
vmware/vcenter_update_manager 4.0 (4 CPE variants)
vmware/vcenter_update_manager 4.1 (2 CPE variants)
Published Nov 19, 2011
Tracked Since Feb 18, 2026