CVE-2016-7459

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Weaknesses (CWE)

CWE-611

Affected Products (13)

vmware · vcenter_servervulnerable

References (6)

http://www.securityfocus.com/bid/94486

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037329

http://www.vmware.com/security/advisories/VMSA-2016-0022.html

PatchVendor Advisory

http://www.securityfocus.com/bid/94486

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037329

http://www.vmware.com/security/advisories/VMSA-2016-0022.html

PatchVendor Advisory