Vulnerability Details : CVE-2013-5971
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
Products affected by CVE-2013-5971
- cpe:2.3:a:vmware:vcenter_server:*:update_2_rc:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.0.0.12305:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.0.0.10021:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.1.0.17435:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.1.0.12319:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.1.0.14766:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5971
- EPSS score: 0.50% (probability of exploitation activity in the next 30 days)
- Percentile: ~63% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-5971
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2013-5971
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5971
- http://www.securityfocus.com/bid/63218
  VMware vSphere Web Client Server Session ID CVE-2013-5971 Handling Session Fixation Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88134
  VMware vCenter Server vSphere Web Client Server session hijacking CVE-2013-5971 Vulnerability Report
- http://www.vmware.com/security/advisories/VMSA-2013-0012.html
  VMSA-2013-0012.1 (Vendor Advisory)