CVE-2011-4404
published 2011-11-19CVE-2011-4404: The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2…
PriorityP356medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
63.23%
99.1th percentile
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | esxi | — | — |
| vmware | vcenter_update_manager | — | — |
| vmware | vcenter_update_manager | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://<host>:9084/vci/downloads/.\..\..\..\..\..\..\.\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key↗
- →Monitor HTTP requests to port 9084 targeting the /vci/downloads/ path containing directory traversal sequences such as .\..\ or mixed slash traversal patterns, which are characteristic of this Jetty misconfiguration exploit. ↗
- →Unauthenticated attackers can read arbitrary files with the rights of the VMware Update Manager process; alert on any unauthenticated GET requests to port 9084 containing backslash-dot traversal sequences. ↗
- →The traversal technique uses a mixed .\..\ pattern (dot-backslash-dot-dot-backslash) rather than the classic ../ sequence, which may evade simple path-traversal filters; ensure detection rules cover backslash-based traversal on Windows hosts. ↗
- →This issue is a variant of CVE-2009-1523; detection logic for that earlier Jetty traversal (VMSA-2010-0012) should be reviewed and extended to cover the .\..\ bypass variant used here. ↗
- ·The vulnerability is caused by the default (misconfigured) Jetty HTTP server configuration bundled with vSphere Update Manager; the issue does not affect vCenter Server itself, hosted products (Workstation, Player, ACE, Fusion), ESX, or ESXi. ↗
- ·Update Manager 5.0 on Windows is not affected; only Update Manager 4.1 (prior to Update 2) and 4.0 (prior to Update 4) on Windows are vulnerable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2vmm-vm8r-59c6: The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2011-4404 [MEDIUM] GHSA-2vmm-vm8r-59c6: The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
VMware
VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
vendor_vmware·2011-11-17·CVSS 5.0
CVE-2011-4404 [MEDIUM] VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
VMSA-2011-0014: VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
a. Directory traversal in third party Jetty Web server component VMware vSphere Update Manager is an automated patch management solution for VMware ESX hosts and Microsoft virtual machines. Update Manager embeds the Jetty Web server which is a third party component. The way the Jetty Web Server in vSphere Update Manager is configured allows for directory traversal. This issue is a variant of the directory traversal issue that was addressed in earlier versions of vSphere Update Manager. See VMSA-2010-0012 for additional information. VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us. The Common Vulnerabilities and Expo
No detection rules found.
Exploit-DB
VMware - Update Manager Directory Traversal
exploitdb·2011-11-21·CVSS 5.0
CVE-2011-4404 [MEDIUM] VMware - Update Manager Directory Traversal
VMware - Update Manager Directory Traversal
---
# Exploit Title:VMware Update Manager Directory Traversal
# Date:18/11/2011
# Author: Alexey Sintsov
# Software Link: http://www.vmware.com/
# Version:2.0.2
# Tested on: Windows 2003 / vCenter Update Manager 4.1 U1
# CVE : CVE-2011-4404
DSECRG-11-042 VMware Update Manager - Directory Traversal
Application: VMware Update Manager
Versions Affected: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4.0 prior to Update 4
Vendor URL: http://vmware.com
Bugs: Directory Traversal File Read
CVE: CVE-2011-4404
CVSS2: 7.8
Exploits: YES
Reported: 06.06.2010
Vendor response: 06.06.2010
Date of Public Advisory: 18.11.2011
Authors: Alexey Sintsov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)
Description
Di
Metasploit
VMware Update Manager 4 Directory Traversal
metasploit
VMware Update Manager 4 Directory Traversal
VMware Update Manager 4 Directory Traversal
This modules exploits a directory traversal vulnerability in VMware Update Manager on port 9084. Versions affected by this vulnerability: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4.
No writeups or analysis indexed.
http://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/handler/ResourceHandler.htmlhttp://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/servlet/DefaultServlet.htmlhttp://www.securitytracker.com/id?1026341http://www.vmware.com/security/advisories/VMSA-2011-0014.htmlhttp://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/handler/ResourceHandler.htmlhttp://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/servlet/DefaultServlet.htmlhttp://www.securitytracker.com/id?1026341http://www.vmware.com/security/advisories/VMSA-2011-0014.html
2011-11-19
Published