VMware has released a new security advisory: "VMSA-2017-0017 – VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues".
The VMSA-2017-0017 advisory covers two issues affecting VMware vCenter Server:
- CVE-2017-4927 – VMware vCenter Server does not correctly handle specially crafted LDAP network packets, which may allow a remote attacker to cause a denial of service (DoS). This issue affects vCenter Server 6.5 and 6.0; vCenter Server 6.5 Update 1 and 6.0 Update 3c fix it.
- CVE-2017-4928 – SSRF and CRLF injection issues in the vSphere Web Client. An attacker may exploit the Flash-based vSphere Web Client by sending a POST request with modified headers towards internal services, leading to information disclosure. This issue affects vCenter Server 6.0 and 5.5; vCenter Server 6.0 Update 3c and 5.5 Update 3f fix it.
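To turn the fix levels above into an exposure check over an inventory of vCenter installations, here is an added example (not part of the advisory or of any VMware tooling). It encodes only the branches and update labels the advisory names, orders update labels the way VMware numbers them ("Update 3" < "Update 3a" < "Update 3c"), and refuses to judge branches the advisory does not cover rather than reporting them clean; the hostnames and versions in the sample inventory are constructed, and a production check should key on build numbers instead of labels.

```python
import re
from typing import Dict, List, Tuple

# First fixed update per branch, exactly as stated in VMSA-2017-0017.
FIXED_IN: Dict[str, Dict[str, str]] = {
    "CVE-2017-4927": {"6.5": "6.5 Update 1", "6.0": "6.0 Update 3c"},
    "CVE-2017-4928": {"6.0": "6.0 Update 3c", "5.5": "5.5 Update 3f"},
}
COVERED_BRANCHES = {b for fixes in FIXED_IN.values() for b in fixes}

# "6.0 Update 3c" -> major 6, minor 0, update 3, letter c; plain "6.5" is GA.
_LABEL = re.compile(r"^(\d+)\.(\d+)(?:\s+Update\s+(\d+)([a-z]?))?$", re.IGNORECASE)


def parse_label(label: str) -> Tuple[str, Tuple[int, str]]:
    """Split a vCenter version label into (branch, comparable update level)."""
    m = _LABEL.match(label.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version label: {label!r}")
    major, minor, update, letter = m.groups()
    # GA (no "Update") sorts as update 0; "3" < "3a" < "3c" via tuple ordering.
    return f"{major}.{minor}", (int(update or 0), (letter or "").lower())


def exposed_cves(label: str) -> List[str]:
    """CVEs from this advisory that the given version is still exposed to."""
    branch, level = parse_label(label)
    if branch not in COVERED_BRANCHES:
        # Not "clean": the advisory simply says nothing about this branch.
        raise ValueError(f"branch {branch} is not covered by VMSA-2017-0017")
    return [
        cve for cve, fixes in FIXED_IN.items()
        if branch in fixes and level < parse_label(fixes[branch])[1]
    ]


def audit(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each host in a (constructed) inventory to its outstanding CVEs."""
    return {host: exposed_cves(version) for host, version in inventory.items()}


if __name__ == "__main__":
    sample = {  # constructed sample inventory, not real hosts
        "vcsa-prod.example.test": "6.0 Update 3b",
        "vcsa-lab.example.test": "6.5",
        "vcsa-legacy.example.test": "5.5 Update 3f",
    }
    for host, cves in audit(sample).items():
        print(f"{host}: {'OK' if not cves else ', '.join(cves)}")
```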