Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

VMWare vCenter vulnerability help

Posted on 2014-01-30
2
Medium Priority
?
646 Views
Last Modified: 2014-02-05
I had a vulnerability scan done recently and I'm having trouble finding any information on 1 of the items. My setup is ESXi 5.1 with vCenter Server running on Win2008 R2 SP1.

Web Server Internal IP address or network name available
CVE: CVE-2000-0649 CVE-2002-0419
Location: http://localhost:9090/vsphere-client
Impact: An attacker could determine information about your internal network structure from information in http headers.


Seems like there is some sort of http hearer leak of some kind. I was flagged for a few other vCenter items on port 9090 but I was able to find a VMware KB article which states that "there is no potential to obtain sensitive data from this exploit". I realize that port 9090 and 9443 is needed for the Web Client. Anyone have any info on this?? Thanks a lot.
0
Comment
Question by:cb_it
2 Comments
 
LVL 28

Accepted Solution

by:
asavener earned 2000 total points
ID: 39821749
Connecting to the server on 9090 should just redirect you to the SSL-protected site (on port 9443).

If you were actually administering the server over 9090, then a bad guy could sniff your username and password.

Since it's just a redirection, no sensitive information is exposed.
0
 
LVL 124
ID: 39821930
AS it's a vCenter Application, or possibly Apache Web Engine, are you running the latest vCenter Server for 5.1.

if you are, you would need to discuss this security issues with VMware Support for Guidance, if they believe it is a security threat, and could be a false postiive provided by the scanner,
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When converting a physical machine to a virtual machine using VMware vCenter Converter Standalone or vCenter Converter Enterprise, if an adapter type is not selected during the initial customization the resulting virtual machine may contain an IDE d…
This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question