CVE-2011-4404

medium VMware
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Score
83.3%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None
Published: November 19, 2011 (5290 days ago)
Last Modified: April 29, 2026
Vendor: VMware
Source: NVD

Description

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

CWE

CWE-16

Affected Products

vmware vcenter update manager

References

🔗 jetty.codehaus.org 🔗 jetty.codehaus.org 🔗 www.securitytracker.com 🔗 www.vmware.com 🔗 jetty.codehaus.org