DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) Dec 14 2012 05:10PM
ddivulnalert ddifrontline com
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)


Date Discovered
September 26, 2012

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: r@b13$

Vulnerability Description
The tunnel-server component of the VMware View Connection Server fails
to ensure that each requested URL refers to a file that is both
located within the web root of the server and is of a type that is
allowed to be served.

A remote unauthenticated attacker can use this weakness to retrieve
arbitrary files from the affected server's underlying root file
system. This can be accomplished by submitting URL encoded HTTP GET
requests that traverse out of the affected subdirectory.

Solution Description
VMware has produced a solution for the issue in the form of an upgrade
which is available through their website. The VMware advisory can be
found: http://www.vmware.com/security/advisories/VMSA-2012-0017.html

Vulnerable Software
VMware View 5.x prior to version 5.1.2
VMware View 4.x prior to version 4.6.2

Vendor Contact
Vendor Name: VMware, Inc.
Vendor Website: http://www.vmware.com/

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus