VMware Horizon View Directory Traversal File Disclosure (VMSA-2016-0015)
Medium Nessus Plugin ID 94053
SynopsisAn application installed on the remote Windows host is affected by an information disclosure vulnerability.
DescriptionThe version of VMware Horizon View installed on the remote Windows host is 5.x prior to 5.3.7, 6.x prior to 6.2.3, or 7.x prior to 7.0.1.
It is, therefore, affected by an information disclosure vulnerability in the loadConfig() function within the loggerBean service due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to perform a directory traversal and thereby disclose the contents of arbitrary files.
SolutionUpgrade to VMware Horizon View version 5.3.7 / 6.2.3 / 7.0.1 or later.