The OVAL Repository5.62014-01-03T07:14:15.168-05:00VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issuesApache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.Merryl DMelloDRAFTINTERIMINTERIMVMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issuesCertain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.Merryl DMelloDRAFTINTERIMINTERIMVMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issuesApache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.Merryl DMelloDRAFTINTERIMINTERIMThird party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESXVMWare ESX Server 4.1VMWare ESX Server 4.0VMWare ESX Server 3.5.0The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.Merryl DMelloDRAFTINTERIMINTERIMVMware ESX Server 4.0 is installedVMware ESX Server 4The operating system installed on the system is VMware ESX Server 4.0.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDVMware ESX Server 3.5.0 is installedVMware ESX Server 3.5The operating system installed on the system is VMware ESX Server 3.5.0.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDVMware ESX Server 4.1 is installedVMware ESX Server 4.1The operating system installed on the system is VMware ESX Server 4.1.Jonathan BakerDRAFTINTERIMACCEPTEDChandan M CINTERIMACCEPTEDACCEPTEDESX400-201209401-SGESX410-201208101-SGESX400-201103401-SGESX410-201101201-SGESX350-201105401-SG4.0.03.5.04.1.0