CVE-2016-7087
VMware Horizon View loggerBean Directory Traversal Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
Vulnerabilidad de salto de directorio en el Connection Server en VMware Horizon View 5.x en versiones anteriores a 5.3.7, 6.x en versiones anteriores a 6.2.3 y 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos obtener información sensible a través de vectores no especificados.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Horizon View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the loggerBean service. The loadConfig method does not properly sanitize the path supplied. An attacker can leverage this vulnerability to disclose arbitrary files from the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-08-23 CVE Reserved
- 2016-10-07 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/93455 | Third Party Advisory | |
http://www.securitytracker.com/id/1036972 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.vmware.com/security/advisories/VMSA-2016-0015.html | 2017-07-30 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 5.0 Search vendor "Vmware" for product "Horizon View" and version "5.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 5.0.1 Search vendor "Vmware" for product "Horizon View" and version "5.0.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 5.1 Search vendor "Vmware" for product "Horizon View" and version "5.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 5.1.3 Search vendor "Vmware" for product "Horizon View" and version "5.1.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 5.2.0 Search vendor "Vmware" for product "Horizon View" and version "5.2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 5.3 Search vendor "Vmware" for product "Horizon View" and version "5.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 6.0 Search vendor "Vmware" for product "Horizon View" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 6.0.2 Search vendor "Vmware" for product "Horizon View" and version "6.0.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 6.1 Search vendor "Vmware" for product "Horizon View" and version "6.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 6.1.1 Search vendor "Vmware" for product "Horizon View" and version "6.1.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 6.2 Search vendor "Vmware" for product "Horizon View" and version "6.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Horizon View Search vendor "Vmware" for product "Horizon View" | 7.0 Search vendor "Vmware" for product "Horizon View" and version "7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|