CVE-2016-7087 – VMware Horizon View loggerBean Directory Traversal Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2016-7087

Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad de salto de directorio en el Connection Server en VMware Horizon View 5.x en versiones anteriores a 5.3.7, 6.x en versiones anteriores a 6.2.3 y 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos obtener información sensible a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Horizon View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the loggerBean service. The loadConfig method does not properly sanitize the path supplied. • http://www.securityfocus.com/bid/93455 http://www.securitytracker.com/id/1036972 http://www.vmware.com/security/advisories/VMSA-2016-0015.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •