VMware vCenter Server/ESXi CRLF Injection (CVE-2016-5331)
Release date:
Updated on:
Affected Systems:
VMware ESXi 1, 6.0
VMware vCenter Server 6.0 < U2
Description:
CVE (CAN) ID: CVE-2016-5331
VMware vCenter Server can quickly deploy virtual machines and monitor the performance of physical servers and virtual machines.
VMware vCenter Server 6.0 before U2 and ESXi 6.0 are affected by a CRLF injection vulnerability. Remote attackers can exploit this vulnerability to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Source: Yorick Koster
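The advisory does not specify the affected vector, so the following is an added, generic illustration of the bug class and is not VMware's code or part of the original advisory. It shows a header-value check that rejects CR/LF before a response is built, plus a log check that flags percent-encoded CR/LF in request targets; all function names, the `/app/redirect` path and the sample request targets are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed request targets as they might appear in an access log.
SAMPLE_TARGETS = [
    "/app/redirect?next=/home",
    "/app/redirect?next=/home%0d%0aSet-Cookie:%20sid=constructed",
    "/app/redirect?next=%250d%250aX-Injected:%201",  # double-encoded CR LF
    "/app/redirect?next=/a%0aX-Injected:1",          # bare LF only
]

# CR, LF and NUL must never appear inside an HTTP header value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded CR/LF is exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_crlf(target):
    """Detection: True if the decoded request target carries CR, LF or NUL."""
    return bool(_FORBIDDEN.search(decode_fully(target)))


def flag_targets(targets):
    """Return the request targets that should be reviewed."""
    return [t for t in targets if has_crlf(t)]


def safe_header_value(value):
    """Mitigation: reject (do not silently strip) control characters."""
    if _FORBIDDEN.search(value):
        raise ValueError("control character in header value")
    return value


def build_redirect(location):
    """Build a redirect response; user input reaches only a checked value."""
    return ("HTTP/1.1 302 Found\r\n"
            "Location: " + safe_header_value(location) + "\r\n\r\n")


if __name__ == "__main__":
    for hit in flag_targets(SAMPLE_TARGETS):
        print("suspicious:", hit)
```
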
Suggestion:
Vendor patch:
VMware
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.vmware.com/security/advisories/VMSA-2016-0010.html
https://www.vmware.com/go/download-vsphere