JVN/CVE Demo: Jvninfos

JVN Info.

Id: 20621
Name: JVNDB-2013-002196
Title: Apache Maven のデフォルト設定におけるサーバになりすまされる脆弱性
Summary: Apache Maven のデフォルト設定は、Apache Maven Wagon を使用している場合に、SSL 証明書のチェックが無効になっているため (disables SSL certificate checks)、サーバになりすまされる脆弱性が存在します。
Nvdinfo: CVE-2013-0253
Cvssv2: 5.8
Jvnurl: http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-002196.html
Published Date: 2013-04-02
Registered Date: 2013-04-11
Last Updated Date: 2013-04-11

Actions

Related Nessuslogs

Id	Log ID	Jvninfo Id	Plugin ID	CVE	CVSS	Risk	Host	Protocol	Port	Name	Synopsis	Description	Solution	See Also	Plugin Output
7523	H28-MOJ-Online-Nara-16-seg-1-20161126-soga_ubl064.csv	20621	92949	CVE-2016-5331	9.3	High	172.27.137.67	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 5.5 Installed build : 2403361 Fixed build : 4179633 / 4179631 (security-only fix)
17380	H28-MOJ-Teikyo-Nara-16-Seg-1-20161128-Endo_cwc04s.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.200.20	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
17425	H28-MOJ-Teikyo-Nara-16-Seg-1-20161128-Endo_cwc04s.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.200.22	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
17478	H28-MOJ-Teikyo-Nara-16-Seg-2-20161128-Endo_a4yi4b.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.200.21	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
18032	H28-MOJ-Teikyo-Nara-17-seg-1-20161128-w510.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.201.20	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
18195	H28-MOJ-Teikyo-Nara-17-seg-1-20161128-w510.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.201.21	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
18309	H28-MOJ-Teikyo-Nara-17-seg-1-20161128-w510.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.201.22	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
20829	H28-MOJ-Teikyo-Nara-17-seg-2-20161128-w510.csv	20621	92870	CVE-2016-5331	5	Medium	172.30.201.69	tcp	443	VMware vCenter Server 6.0.x < 6.0u2 Unspecified HTTP Header Injection (VMSA-2016-0010)	A virtualization management application installed on the remote host is affected by an HTTP header injection vulnerability.	The version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u2. It is, therefore, affected by an HTTP header injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.	Upgrade to VMware vCenter Server version 6.0u2 (6.0.0 build-3634788) or later.	https://www.vmware.com/security/advisories/VMSA-2016-0010.html	Installed version : 6.0.0 build-3018524 Fixed version : 6.0.0 build-3634788
30879	H28-MOJ-Online-Funa-12-seg-v1-161103.csv	20621	92949	CVE-2016-5331	9.3	High	172.27.9.67	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 5.5 Installed build : 2403361 Fixed build : 4179633 / 4179631 (security-only fix)
41412	H28-MOJ-Teikyo-Yokohama-17-seg-01-21161121-abe_beidq4.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.136.20	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
41465	H28-MOJ-Teikyo-Yokohama-17-seg-02-21161121-abe_2jyjw7.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.136.21	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
41510	H28-MOJ-Teikyo-Yokohama-17-seg-02-21161121-abe_2jyjw7.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.136.22	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
42099	H28-MOJ-Teikyo-Yokohama-18-seg-01-21161121-abe_ubh1mj.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.138.20	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
42260	H28-MOJ-Teikyo-Yokohama-18-seg-01-21161121-abe_ubh1mj.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.138.21	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
42340	H28-MOJ-Teikyo-Yokohama-18-seg-01-21161121-abe_ubh1mj.csv	20621	92949	CVE-2016-5331	9.3	High	172.30.138.22	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 6.0 Installed build : 3568940 Fixed build : 3620759 / 3568943 (security-only fix)
43913	H28-MOJ-Teikyo-Yokohama-18-seg-01-21161121-abe_ubh1mj.csv	20621	92870	CVE-2016-5331	5	Medium	172.30.138.69	tcp	443	VMware vCenter Server 6.0.x < 6.0u2 Unspecified HTTP Header Injection (VMSA-2016-0010)	A virtualization management application installed on the remote host is affected by an HTTP header injection vulnerability.	The version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u2. It is, therefore, affected by an HTTP header injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.	Upgrade to VMware vCenter Server version 6.0u2 (6.0.0 build-3634788) or later.	https://www.vmware.com/security/advisories/VMSA-2016-0010.html	Installed version : 6.0.0 build-3018524 Fixed version : 6.0.0 build-3634788
52135	H28_MUN_DWEB_Q4_172_16_240_seg.csv	20621	92949	CVE-2016-5331	9.3	High	172.16.240.150	tcp	0	ESXi 5.0 < Build 3982828 / 5.1 < Build 3872664 / 5.5 < Build 4179633 / 6.0 < Build 3620759 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)	The remote VMware ESXi host is affected by multiple vulnerabilities.	The remote VMware ESXi host is 5.0 prior to build 3982828, 5.1 prior to build 3872664, 5.5 prior to build 4179633, or 6.0 prior to build 3620759. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user into opening a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330) - An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)	Apply the appropriate patch as referenced in the vendor advisory. Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.	http://www.vmware.com/security/advisories/VMSA-2016-0010.html http://kb.vmware.com/kb/2142193 http://kb.vmware.com/kb/2143976 http://kb.vmware.com/kb/2141429 http://kb.vmware.com/kb/2144359	ESXi version : 5.5 Installed build : 1892794 Fixed build : 4179633 / 4179631 (security-only fix)

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.42 MB
View render complete	2.84 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.09
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	53.48
Event: Controller.beforeRender	4.52
» Processing toolbar data	4.40
Rendering View	3.64
» Event: View.beforeRender	0.02
» Rendering APP/View/Jvninfos/view.ctp	2.69
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.54
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.08
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/jvninfos/view/20621
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/jvninfos/view/20621
Remote Port	19083
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.145.79.94
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=u0ef0v5r72abetri7hfh7q4np0
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.145.79.94
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.145.79.94
Unique Id	aA_CtYS86MGb12m-uJPcwQAAAXQ
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.145.79.94
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.145.79.94
Redirect Unique Id	aA_CtYS86MGb12m-uJPcwQAAAXQ
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.145.79.94
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.145.79.94
Redirect Redirect Unique Id	aA_CtYS86MGb12m-uJPcwQAAAXQ
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1745863349.695
Request Time	1745863349

JVN Info.

Actions

Related Nessuslogs

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files