Signature Detail

Short Name	APP:VMWARE-VCENTER-CHARGEBACK
Severity	Critical
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	VMWare VCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload
Release Date	2013/10/10
Update Number	2309
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: VMWare VCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload

This signature detects attempts to exploit a known vulnerability against Vmware vCenter Chargeback Manager. A successful attack can lead to arbitrary code execution.

Extended Description

VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected Products

vmware vcenter_chargeback_manager 1.5.0
vmware vcenter_chargeback_manager 1.6.0
vmware vcenter_chargeback_manager 1.6.1
vmware vcenter_chargeback_manager 1.6.2
vmware vcenter_chargeback_manager 2.0.0
vmware vcenter_chargeback_manager 2.0.1
vmware vcenter_chargeback_manager up to 2.5.0

References

BugTraq: 60484
CVE: CVE-2013-3520

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: VMWare VCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload

Extended Description

Affected Products

References