VMSA-2016-0015 – VMware Horizon View updates address directory traversal vulnerability

VMware has published important advisory security about VMware Horizon View and it’s recommended update your View servers to the new versions.

Advisory ID: VMSA-2016-0015

Severity:    Important

Synopsis:    VMware Horizon View updates address directory traversal

vulnerability

Issue date:  2016-10-06

Updated on:  2016-10-06 (Initial Advisory)

CVE number:  CVE-2016-7087

  1. Summary
    • VMware Horizon View updates address directory traversal vulnerability.
  1. Relevant Products
    • VMware Horizon View
  1. Problem Description
    • VMware Horizon View updates address directory traversal vulnerability
    • VMware Horizon View contains a vulnerability that may allow for a directory traversal on the Horizon View Connection Server. Exploitation of this issue may lead to a partial information disclosure.
VMware ProductProduct VersionRunning onSeverityReplace with / Apply patchWorkaround
VMware Horizon View7.xWindowsImportant7.0.1None
VMware Horizon View6.xWindowsImportant6.2.3None
VMware Horizon View5.xWindowsImportant5.3.7None

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Horizon View 7.0.1

Downloads and Documentation:

https://my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_0

VMware Horizon View 6.2.3

Downloads and Documentation:

https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/6_2

VMware Horizon View 5.3.7

Downloads and Documentation:

https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_with_view/5_3

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7087

 

Davoud Teimouri

Davoud Teimouri is as a professional blogger, vExpert 2015/2016/2017/2018/2019, VCA, MCITP. This blog is started with simple posts and now, it has large following readers.

Leave a Reply

Your email address will not be published. Required fields are marked *