Some outright rants from a bunch of infosec practitioners.



VMSA-2011-0005: VMware vCenter Orchestrator remote code execution vulnerability

Reading this advisory I’m quite tempted to emit another rant on the relationship of heavy use of 3rd party components, lack of (security) quality assurance and services running at times where they’re not needed (see second workaround here). I’ll refrain  from that for today. Just wanted to let you know that the underlying vulnerability in Struts2 was initially discovered by Meder Kydyraliev who gives this talk at Troopers in two weeks. He’ll certainly describe the inner workings of this one, and others… 😉

Have a good one,


RSS Feed

No comments yet.

Leave a comment!





Mail | Twitter | Imprint

©2010-2013 ERNW GmbH
To top