PT-2015-2315 · Vmware · Vmware Vcenter Server+1

Published: 2015-05-22 · Updated: 2018-08-12 · CVE-2015-1047

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

VMware vCenter Server versions 5.0 through 5.0 u3e
VMware vCenter Server versions 5.1 through 5.1 u3
VMware vCenter Server versions 5.5 through 5.5 u2

Description

The issue allows remote attackers to cause a denial of service. This is due to insufficient input validation in the Host heartbeat service of VMware vCenter Server. An attacker can exploit this by sending a specially crafted UDP packet to port 902, containing a string larger than 217 bytes, which can cause the service to crash.

Recommendations

For versions 5.0 through 5.0 u3e, update to version 5.0 u3e or later.
For versions 5.1 through 5.1 u3, update to version 5.1 u3 or later.
For versions 5.5 through 5.5 u2, update to version 5.5 u2 or later.

As a temporary workaround, consider restricting access to port 902 to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-11677
CVE-2015-1047

Affected Products

Vmware Vcenter
Vmware Vcenter Server