Scroll Top

VMware Update Fixes Critical Remote Code Execution Vulnerability

April 19, 2017

VMware has fixed a critical flaw in its vCenter Server that could be exploited to execute code remotely. The vulnerability affects vCenter versions 6.5 and 6.0. Users are urged to upgrade to versions 6.5c or 6.0U3b.

US-CERT warned about the vulnerability, stressing exploitation could result in an attacker taking control of an affected system, in an alert posted on Friday.

vCenter Server, formerly known as VirtualCenter, is a tool used for managing vSphere virtual environments.

The vulnerability technically stems from the usage of BlazeDS to process AMF3 messages. BlazeDS, originally developed by Adobe, is a server-based Java remoting and web-based messaging technology. AMF3, or Action Message Format 3, is a compact binary is a message format, also developed by Adobe, used by Flash apps to communicate and to serialize ActionScript object graphs.

The vulnerability could allow an attacker to execute arbitrary code when deserializing an untrusted Java object, according to VMware’s security advisory.

Source: http://www.vmware.com/security/advisories/VMSA-2017-0007.html

Related Posts

Xen security updates issued

Numerous updates were just released to address various security vulnerabilities and it is recommended that you update as soon as possible. (XSA-145 to XSA-153) Official Link: http://xenbits.xen.org/xsa/ Source: Hostingseclist

29 Oct 2015
Security updates for Adobe Acrobat and Reader

 Adobe’s first round of security updates for 2019 resolve two critical flaws for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities, CVE-2018-16011 and CVE-2018-19725.

04 Jan 2019
Authentication bypass bugs in 3 plugins make 400.000 websites vulnerable

Researchers have discovered authorization bypass bugs in three WordPress plugins, making a total of 400,000 WordPress websites vulnerable to cyber attacks. The affected plugins are InfiniteWP, WP Time Capsule and the WP Database Reset plugin.

23 Jan 2020
vulnerability uncovered in aapanel hosting control panel

aaPanel is a free and Open source Hosting Control Panel for RHEL and Debian based systems. It is the Internationalized version for the BAOTA panel(www.bt.cn), developed in China. It allows users to manage their web server through a web-based GUI (Graphical User Interface).

28 Jun 2020
cPanel TSR-2015-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores ranging from…

22 Sep 2015
Bash Latest Patch / Status Update

According to a Google Security Researcher who was able to defeat all of the current patches and make the vulnerability easier to exploit, they are now recommending the following unofficial patch until it is pushed upstream: http://www.openwall.com/lists/oss-security/2014/09/25/13 Further Information: “http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx source: hostingseclist

29 Sep 2014
Joomla 3.7.1 Security and bugfix release

Joomla! 3.7.1 is now available. This is a security release for the 3.x series of Joomla! which addresses one critical security vulnerability and several bug fixes. The security issue was found to be the result of inadequate filtering of requested data that lead to a SQL Injection vulnerability. We…

17 May 2017
WordPress 4.7.2 security update

WordPress 4.7.2 was released last Thursday, January 26th. WordPress have just announced that In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional vulnerability for which disclosure was delayed.

06 Feb 2017
Plesk 12 Security Updates Issued

An update for Plesk 12 (Windows) was just released to address various security vulnerabilities and it is recommended that you update as soon as possible. Official Link: http://download1.parallels.com/Plesk/PP12/12.0/release-notes/parallels-plesk-12.0-for-windows-change-log.html#12018-mu52

26 Jun 2015
New VMware bug exploited to breach networks

A vulnerability that VMware patched recently in some of its products, is currently being exploited and Russian threat actors are leveraging this vulnerability to install malware on corporate systems and access protected data, the National Security Agency (NSA) warned on Monday.

08 Dec 2020
Vulnerabilities found in Newsletter plugin for WordPress

Newsletter, a free WordPress plugin with more than 300,000 installations, was found to contain multiple vulnerabilities that could eventually lead to the takeover of an affected website. The bugs were discovered by the Wordfence team who notified the developer of the plugin.

07 Aug 2020
Bash Security Update(s) Issued

We have been made aware of a serious security vulnerability in Bash that affects multiple operating systems and applications.

25 Sep 2014
Magento Security Update Issued

An update for Magento was just released to address a critical security vulnerability and it is recommended that you update as soon as possible. Official Link: http://bit.ly/1flmoA8 Source: hostingseclist.com

07 Jul 2015
Bash / Shellshock Patches May Not be Enough to Protect Systems

Simply patching systems against the Bash/Shellshock vulnerability may not be adequate. Attacks exploiting the flaw appeared within a day of its disclosure. Those attacks may have made changes to systems that would not be remedied by the application of a patch.

18 Oct 2014
Security Update Issued for Xen Hypervisor

An update for Xen was just released to address a vulnerability where a buggy or malicious HVM guest can crash the host or read data relating to other guests or the hypervisor itself. source:hostingseclist

01 Oct 2014
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required
Privacy Policy Cookies Policy