ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability

--_002_1BF8853173D9704A93EF882F85952A892901DFMX304CL04corpemcc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



--_002_1BF8853173D9704A93EF882F85952A892901DFMX304CL04corpemcc_
Content-Type: text/plain; name="ESA-2017-062.txt"
Content-Description: ESA-2017-062.txt
Content-Disposition: attachment; filename="ESA-2017-062.txt"; size=3279;
	creation-date="Tue, 30 May 2017 18:21:49 GMT";
	modification-date="Wed, 21 Jun 2017 18:22:13 GMT"
Content-Transfer-Encoding: base64

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCkVTQS0y
MDE3LTA2MjogVkFTQSBQcm92aWRlciBWaXJ0dWFsIEFwcGxpYW5jZSBSZW1vdGUgQ29kZSBFeGVj
dXRpb24gVnVsbmVyYWJpbGl0eQ0KDQpFTUMgSWRlbnRpZmllcjogRVNBLTIwMTctMDYyDQpDVkUg
SWRlbnRpZmllcjogQ1ZFLTIwMTctNDk5Nw0KU2V2ZXJpdHkgUmF0aW5nOiBDVlNTIHYzIEJhc2Ug
U2NvcmU6IDguMyAoQVY6Ti9BQzpML1BSOk4vVUk6Ti9TOkMvQzpML0k6TC9BOkwpDQoNCkFmZmVj
dGVkIHByb2R1Y3RzOiAgDQpWQVNBIFByb3ZpZGVyIFZpcnR1YWwgQXBwbGlhbmNlIHZlcnNpb25z
IDguMy54IGFuZCBwcmlvciAgDQoNClN1bW1hcnk6ICANClZBU0EgUHJvdmlkZXIgVmlydHVhbCBB
cHBsaWFuY2UgY29udGFpbnMgYSBmaXggZm9yIGFuIHVuYXV0aGVudGljYXRlZCByZW1vdGUgY29k
ZSBleGVjdXRpb24gdnVsbmVyYWJpbGl0eSB0aGF0IGNvdWxkIHBvdGVudGlhbGx5IGJlIGV4cGxv
aXRlZCBieSBtYWxpY2lvdXMgdXNlcnMgdG8gY29tcHJvbWlzZSB0aGUgYWZmZWN0ZWQgc3lzdGVt
LiANCg0KRGV0YWlsczogIA0KVkFTQSBQcm92aWRlciBWaXJ0dWFsIEFwcGxpYW5jZSB2ZXJzaW9u
cyBwcmlvciB0byA4LjMueCBtYXkgcG90ZW50aWFsbHkgYmUgdnVsbmVyYWJsZSB0byBhbiB1bmF1
dGhlbnRpY2F0ZWQgcmVtb3RlIGNvZGUgZXhlY3V0aW9uIHZ1bG5lcmFiaWxpdHkuICBBbiB1bmF1
dGhlbnRpY2F0ZWQgcmVtb3RlIGF0dGFja2VyIGNvdWxkIHVwbG9hZCBhIG1hbGljaW91cyBmaWxl
IHRvIHJ1biBhcmJpdHJhcnkgY29kZSBvbiB0aGUgc3lzdGVtIHdpdGggcm9vdCBwcml2aWxlZ2Vz
Lg0KDQoNClJlc29sdXRpb246ICANClRoZSBmb2xsb3dpbmcgVkFTQSBQcm92aWRlciBWaXJ0dWFs
IEFwcGxpYW5jZSByZWxlYXNlIGNvbnRhaW5zIGEgcmVzb2x1dGlvbiB0byB0aGlzIHZ1bG5lcmFi
aWxpdHk6DQqVCVZBU0EgUHJvdmlkZXIgVmlydHVhbCBBcHBsaWFuY2UgOC40LjANCg0KRU1DIHJl
Y29tbWVuZHMgYWxsIGN1c3RvbWVycyB1cGdyYWRlIGF0IHRoZSBlYXJsaWVzdCBvcHBvcnR1bml0
eS4gDQoNCkxpbmsgdG8gcmVtZWRpZXM6DQoNCkN1c3RvbWVycyBjYW4gZG93bmxvYWQgc29mdHdh
cmUgZnJvbSBodHRwczovL3N1cHBvcnQuZW1jLmNvbS9kb3dubG9hZHMvNDA1NTdfVkFTQS1Qcm92
aWRlcg0KDQpDcmVkaXRzOiBFTUMgd291bGQgbGlrZSB0byB0aGFuayByZ29kLCB3b3JraW5nIHdp
dGggVHJlbmQgTWljcm8ncyBaZXJvIERheSBJbml0aWF0aXZlIGZvciByZXBvcnRpbmcgdGhpcyB2
dWxuZXJhYmlsaXR5Lg0KDQpbVGhlIGZvbGxvd2luZyBpcyBzdGFuZGFyZCB0ZXh0IGluY2x1ZGVk
IGluIGFsbCBzZWN1cml0eSBhZHZpc29yaWVzLiAgUGxlYXNlIGRvIG5vdCBjaGFuZ2Ugb3IgZGVs
ZXRlLl0NCg0KUmVhZCBhbmQgdXNlIHRoZSBpbmZvcm1hdGlvbiBpbiB0aGlzIEVNQyBTZWN1cml0
eSBBZHZpc29yeSB0byBhc3Npc3QgaW4gYXZvaWRpbmcgYW55IHNpdHVhdGlvbiB0aGF0IG1pZ2h0
IGFyaXNlIGZyb20gdGhlIHByb2JsZW1zIGRlc2NyaWJlZCBoZXJlaW4uIElmIHlvdSBoYXZlIGFu
eSBxdWVzdGlvbnMgcmVnYXJkaW5nIHRoaXMgcHJvZHVjdCBhbGVydCwgY29udGFjdCBFTUMgU29m
dHdhcmUgVGVjaG5pY2FsIFN1cHBvcnQgYXQgMS04NzctNTM0LTI4NjcuDQoNCkZvciBhbiBleHBs
YW5hdGlvbiBvZiBTZXZlcml0eSBSYXRpbmdzLCByZWZlciB0byBFTUMgS25vd2xlZGdlYmFzZSBz
b2x1dGlvbiBlbWMyMTg4MzEuIEVNQyByZWNvbW1lbmRzIGFsbCBjdXN0b21lcnMgdGFrZSBpbnRv
IGFjY291bnQgYm90aCB0aGUgYmFzZSBzY29yZSBhbmQgYW55IHJlbGV2YW50IHRlbXBvcmFsIGFu
ZCBlbnZpcm9ubWVudGFsIHNjb3JlcyB3aGljaCBtYXkgaW1wYWN0IHRoZSBwb3RlbnRpYWwgc2V2
ZXJpdHkgYXNzb2NpYXRlZCB3aXRoIHBhcnRpY3VsYXIgc2VjdXJpdHkgdnVsbmVyYWJpbGl0eS4N
Cg0KRU1DIHJlY29tbWVuZHMgdGhhdCBhbGwgdXNlcnMgZGV0ZXJtaW5lIHRoZSBhcHBsaWNhYmls
aXR5IG9mIHRoaXMgaW5mb3JtYXRpb24gdG8gdGhlaXIgaW5kaXZpZHVhbCBzaXR1YXRpb25zIGFu
ZCB0YWtlIGFwcHJvcHJpYXRlIGFjdGlvbi4gVGhlIGluZm9ybWF0aW9uIHNldCBmb3J0aCBoZXJl
aW4gaXMgcHJvdmlkZWQgImFzIGlzIiB3aXRob3V0IHdhcnJhbnR5IG9mIGFueSBraW5kLiBFTUMg
ZGlzY2xhaW1zIGFsbCB3YXJyYW50aWVzLCBlaXRoZXIgZXhwcmVzcyBvciBpbXBsaWVkLCBpbmNs
dWRpbmcgdGhlIHdhcnJhbnRpZXMgb2YgbWVyY2hhbnRhYmlsaXR5LCBmaXRuZXNzIGZvciBhIHBh
cnRpY3VsYXIgcHVycG9zZSwgdGl0bGUgYW5kIG5vbi1pbmZyaW5nZW1lbnQuIEluIG5vIGV2ZW50
LCBzaGFsbCBFTUMgb3IgaXRzIHN1cHBsaWVycywgYmUgbGlhYmxlIGZvciBhbnkgZGFtYWdlcyB3
aGF0c29ldmVyIGluY2x1ZGluZyBkaXJlY3QsIGluZGlyZWN0LCBpbmNpZGVudGFsLCBjb25zZXF1
ZW50aWFsLCBsb3NzIG9mIGJ1c2luZXNzIHByb2ZpdHMgb3Igc3BlY2lhbCBkYW1hZ2VzLCBldmVu
IGlmIEVNQyBvciBpdHMgc3VwcGxpZXJzIGhhdmUgYmVlbiBhZHZpc2VkIG9mIHRoZSBwb3NzaWJp
bGl0eSBvZiBzdWNoIGRhbWFnZXMuIFNvbWUgc3RhdGVzIGRvIG5vdCBhbGxvdyB0aGUgZXhjbHVz
aW9uIG9yIGxpbWl0YXRpb24gb2YgbGlhYmlsaXR5IGZvciBjb25zZXF1ZW50aWFsIG9yIGluY2lk
ZW50YWwgZGFtYWdlcywgc28gdGhlIGZvcmVnb2luZyBsaW1pdGF0aW9uIG1heSBub3QgYXBwbHku
DQotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQ0KVmVyc2lvbjogR251UEcgdjINCg0KaVFF
Y0JBRUJDQUFHQlFKWlNVSm1BQW9KRUhiY3UrZnNFODFaaThZSC9peHZGa3psT0VFTjl1Si95YVVI
Qm9pNA0KbGc1NE9pbDZZNzNxMW1KS0o3WVFGelVlamFwVkFMeUFrcjM0ZGNPRk01akhYMEJBajkx
V1FqRmZ0Vm5PQnh6VA0KcXBhMENvZXlneTg3b2k1aEc5UE9nYnduemlJaGhDR3kvd2ZLUmNPMmZB
TGY4aGhzRXg5ak9NbjBISTByS1lMbA0KNFhjRGpYMkxkanEyRmZhOHBnRnYxUjgzNG0yM0FkWFdI
VDlWdXVhMHQ5V09NVVM3eTU5a1diUzZMajZ5THA2cg0KY21QQ29GVzUzTkhnN1A5UWdzZEFlbXhz
SERLdlBCbkQ5cUxBWWNXR2VXN3dWNFRRU0JzTjdPVzNFaWpJSnV6Sw0KR0dNZTVhakVFTmdlaEhX
S1lLRjJMTWJyZ2ZwckFGSnJEeUk3cHdidktjM3J0TEZ2c2JGemNwM2haYTBDRmpJPQ0KPW5CN2cN
Ci0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

--_002_1BF8853173D9704A93EF882F85952A892901DFMX304CL04corpemcc_--