Insinuator


Some outright rants from a bunch of infosec practitioners.

Mar/11

14

VMSA-2011-0005: VMware vCenter Orchestrator remote code execution vulnerability


Reading this advisory I’m quite tempted to emit another rant on the relationship of heavy use of 3rd party components, lack of (security) quality assurance and services running at times where they’re not needed (see second workaround here). I’ll refrain  from that for today. Just wanted to let you know that the underlying vulnerability in Struts2 was initially discovered by Meder Kydyraliev who gives this talk at Troopers in two weeks. He’ll certainly describe the inner workings of this one, and others… ;-)

Have a good one,

Enno

RSS Feed

No comments yet.

Leave a comment!

Preview:

<<

>>

Contact


Mail | Twitter | Imprint

©2010-2013 ERNW GmbH
To top