Back to search

VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) November 05, 2009 February 16, 2011 July 20, 2012

Available Exploits 

Description

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

VMware VMware ESX Server >= 3.5 and < 4.0

Apply ESX350-201003403-SG.

See the vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 3.5 hosts.

To update ESX 3.5 hosts without using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.

Related Vulnerabilities