VMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by multiple vulnerabilities.

Description :

The version of VMware Horizon View installed on the remote Windows
host is 5.x prior to 5.3.4 or 6.x prior to 6.1. It is, therefore,
affected by the following vulnerabilities :

- A man-in-the-middle (MitM) information disclosure
vulnerability, known as POODLE, exists due to the way
SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining
(CBC) mode. A MitM attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.
(CVE-2014-3566)

- An XML external entity (XXE) injection vulnerability
exists in the included Flex BlazeDS component due to an
incorrect configuration of the XML parser that allows
external XML entities to be accepted from untrusted
sources. An unauthenticated, remote attacker can exploit
this vulnerability, via a crafted AMF message, to
gain access to sensitive information. (CVE-2015-3269)

- A flaw exists in the bundled Adobe ColdFusion and
LiveCycle Data Services components related to request
handling between a user and the server. A remote
attacker can exploit this, via a specially crafted
request, to bypass access restrictions (e.g. host or
network ACLs), conduct port scanning of internal
networks, enumerate internal hosts, or possibly invoke
additional protocols (e.g. Gopher, TFTP).
(CVE-2015-5255)

Additionally, unspecified vulnerabilities exist in the following
bundled Java components :

- 2D (CVE-2014-6585, CVE-2014-6591)

- Deployment (CVE-2015-0403, CVE-2015-0406)

- Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
CVE-2015-0437)

- Installation (CVE-2015-0421)

- JAX-WS (CVE-2015-0412)

- JSSE (CVE-2014-6593)

- Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400)

- RMI (CVE-2015-0408)

- Security (CVE-2015-0410)

- Serviceability (CVE-2015-0413)

- Swing (CVE-2015-0407)

See also :

https://www.vmware.com/security/advisories/VMSA-2015-0003
https://www.vmware.com/security/advisories/VMSA-2015-0008
http://seclists.org/fulldisclosure/2015/Apr/5
http://www.nessus.org/u?c02f1515
http://www.nessus.org/u?12e35b07
http://www.nessus.org/u?726f7054
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to VMware Horizon View version 5.3.4 / 6.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false