VMware Cloud Community
K_Faisal
Enthusiast

ESXi 5.5 update 2, Web Application Potentially Vulnerable to Clickjacking

Hello everyone,

How do we address the "Web Application Potentially Vulnerable to Clickjacking" finding on a VMware ESXi 5.5 Update 2 server? Is there any new patch or KB from VMware? We are using VUM.

Please help.

Thank You.
5 Replies
peetz
Leadership

Can you please point us to an official public source where this vulnerability is described?

I cannot find anything about it?!

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
K_Faisal
Enthusiast

Sorry for the delayed response. The warning is reported by a Nessus report. Update: the same warning is also reported on ESXi 5.5U3.


Thank You.
wila
Immortal

Hello,

Just running Nessus and demanding a fix doesn't make much sense.

Nessus runs a number of tests and the results need to be interpreted and verified by a security researcher to see if it actually is a problem or if something is wrong with the test.

There are usually a lot of false positives.

So yes, Nessus is a useful tool, but no, it isn't giving you a conclusive report.

Note that it says "potentially" in the title; in other words, the report has a "we're not sure, but it might be vulnerable to..." line.

Clickjacking is normally also a bigger problem on websites accessible from the internet than it is on a local network.

I'm just assuming that the HTTP interface of your ESXi server isn't accessible from the internet, and if it is... I think you have bigger problems already.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
Bleeder
Hot Shot

That Nessus plugin (85582) is rather new so it will probably be quite a while before vendors fix their applications.

For reference: https://discussions.tenable.com/thread/9429
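Both of the points raised above, that a "potentially vulnerable" scanner result has to be verified against what the server actually sends, and that exposure (internet-facing or LAN-only) decides how much the finding matters, can be checked by hand. The script below is an added example written for this thread; it is not code from VMware, Nessus or any poster, and it does not reproduce how plugin 85582 works internally. It applies the two standard browser-side anti-framing controls, the X-Frame-Options header and the Content-Security-Policy frame-ancestors directive, to a set of constructed sample response headers (not captured from a real ESXi host) and then ranks the result by exposure the way Wil describes.

```python
"""Triage a clickjacking finding from a response's HTTP headers.

Added example for this thread (not VMware, Nessus or poster code).
Browser rules applied:
  * A CSP frame-ancestors directive, when present, takes precedence over
    X-Frame-Options.
  * X-Frame-Options DENY or SAMEORIGIN blocks framing; ALLOW-FROM and any
    other unrecognised value are ignored by current browsers (page is
    framable).
All sample headers below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass
class FramingVerdict:
    protected: bool            # True if a browser would refuse to frame the page
    mechanism: Optional[str]   # "csp-frame-ancestors", "x-frame-options" or None
    detail: str


def _csp_frame_ancestors(csp: str) -> Optional[str]:
    """Return the frame-ancestors source list (lower-cased), or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return " ".join(parts[1:]).lower()
    return None


def assess_framing_protection(headers: Mapping[str, str]) -> FramingVerdict:
    """Decide whether the response headers stop the page being framed."""
    # HTTP header names are case-insensitive; normalise once.
    h = {k.lower(): v for k, v in headers.items()}

    csp = h.get("content-security-policy")
    if csp is not None:
        ancestors = _csp_frame_ancestors(csp)
        if ancestors is not None:
            if ancestors == "*":
                return FramingVerdict(False, "csp-frame-ancestors",
                                      "frame-ancestors * lets any origin frame the page")
            return FramingVerdict(True, "csp-frame-ancestors", f"frame-ancestors {ancestors}")

    xfo = h.get("x-frame-options")
    if xfo is not None:
        value = xfo.strip().upper()
        if value in ("DENY", "SAMEORIGIN"):
            return FramingVerdict(True, "x-frame-options", value)
        if value.startswith("ALLOW-FROM"):
            return FramingVerdict(False, "x-frame-options",
                                  "ALLOW-FROM is obsolete and ignored by current browsers")
        return FramingVerdict(False, "x-frame-options",
                              f"unrecognised value {xfo!r} is ignored by browsers")

    return FramingVerdict(False, None, "no X-Frame-Options or CSP frame-ancestors header")


def triage(headers: Mapping[str, str], internet_facing: bool) -> str:
    """Rank the finding: an unprotected but LAN-only management UI is a lower
    priority than the same UI reachable from the internet."""
    verdict = assess_framing_protection(headers)
    if verdict.protected:
        return "not applicable"          # scanner result is a false positive here
    return "high" if internet_facing else "low"


# Constructed sample responses (illustrative, not captured from ESXi).
SAMPLE_RESPONSES = {
    "no-headers":     {"Content-Type": "text/html"},
    "xfo-deny":       {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "xfo-allow-from": {"Content-Type": "text/html",
                       "X-Frame-Options": "ALLOW-FROM https://mgmt.example.test"},
    "csp-none":       {"Content-Type": "text/html",
                       "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        v = assess_framing_protection(hdrs)
        print(f"{name:15} protected={v.protected!s:5} via={v.mechanism} ({v.detail}); "
              f"priority if internet-facing: {triage(hdrs, True)}, LAN-only: {triage(hdrs, False)}")
```

To apply this to a real host you would feed it the headers returned by the ESXi web interface (for example from a `curl -I` against the management address) rather than the constructed samples; a `protected=True` result means the scanner's "potentially" did not pan out for that URL, while `protected=False` on a LAN-only interface is the case Wil describes as low urgency.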

K_Faisal
Enthusiast

Thank you for the info.

Thank You.