Security Response to CAN-2004-0700: Vulnerability in mod_proxy (1429)
A security software audit warns that an ESX Server machine may have the security vulnerability described at:
How can I protect the server? Does VMware have a fix for this?
This vulnerability is exploitable if mod_proxy is in use. Because the management interface doesn't use this proxy (it is not enabled in httpd.conf), ESX Server 2.x is not exposed to this vulnerability. VMware recommends that you do not enable mod_proxy on an ESX Server machine.
VMware has addressed this vulnerability with the release of ESX Server 2.5. VMware also provides updates for ESX 2.1.x, 2.0.x and 1.5.2 in the following security updates: