- Home
- CVEs with nessus.description==The version of vCenter Operations Manager installed on the remote host is prior to 5.8.2. It is, therefore, affected by the following vulnerabilities :
- An error exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipart requests such as file uploads that could allow denial of service attacks. (CVE-2014-0050)
- A security bypass error exists due to the included Apache Struts2 component, allowing manipulation of the ClassLoader via the 'class' parameter, which is directly mapped to the getClass() method. A remote, unauthenticated attacker can take advantage of this issue to manipulate the ClassLoader used by the application server, allowing for the bypass of certain security restrictions. Note that CVE-2014-0112 exists because CVE-2014-0094 was not a complete fix.
(CVE-2014-0094, CVE-2014-0112)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top