NEW VMSA-2016-0015 – VMware Horizon View updates address directory traversal vulnerability

VMSA-2016-0015

VMware Horizon View updates address directory traversal vulnerability

 vmsa20160015a

 1. Summary

VMware Horizon View updates address directory traversal vulnerability.

2. Relevant Products
  • VMware Horizon View
3. Problem Description

VMware Horizon View updates address directory traversal vulnerability 

VMware Horizon View contains a vulnerability that may allow for a directory traversal on the Horizon View Connection Server. Exploitation of this issue may lead to a partial information disclosure.

VMware would like to thank Mike Arnold (Bruk0ut) working with Trend Micro’s Zero Day Initiative for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7087 to this issue.

Column 5 of the following table lists the action required to remediate the   vulnerability in each release, if a solution is available.

vmsa20160015b

 

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Horizon View 7.0.1

Downloads and Documentation:

https://my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_0

VMware Horizon View 6.2.3

Downloads and Documentation:

https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/6_2

VMware Horizon View 5.3.7

Downloads and Documentation:

https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_with_view/5_3

 

 

6. Change log

2016-10-06 VMSA-2016-0015 Initial security advisory in conjunction with the release of VMware Horizon View 5.3.7 on 2016-10-06.


Created on October 6, 2016 by Rick Scherer

Posted under Alert.

This blog has 1,074 views.

Tags: , , , ,

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Leave a Comment

Name (required)

Email (required)

Website

Comments

More Blog Post