DATABASE RESOURCES PRICING ABOUT US

{"id": "SECURITYVULNS:DOC:28864", "vendorId": null, "type": "securityvulns", "bulletinFamily": "software", "title": "DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)", "description": "\r\n\r\nTitle\r\n-----\r\nDDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)\r\n\r\nSeverity\r\n--------\r\nHigh\r\n\r\nDate Discovered\r\n---------------\r\nSeptember 26, 2012\r\n\r\nDiscovered By\r\n-------------\r\nDigital Defense, Inc. Vulnerability Research Team\r\nCredit: r@b13$\r\n\r\nVulnerability Description\r\n-------------------------\r\nThe tunnel-server component of the VMware View Connection Server fails\r\nto ensure that each requested URL refers to a file that is both\r\nlocated within the web root of the server and is of a type that is\r\nallowed to be served. \r\n\r\nA remote unauthenticated attacker can use this weakness to retrieve\r\narbitrary files from the affected server's underlying root file\r\nsystem. This can be accomplished by submitting URL encoded HTTP GET\r\nrequests that traverse out of the affected subdirectory.\r\n\r\nSolution Description\r\n--------------------\r\nVMware has produced a solution for the issue in the form of an upgrade\r\nwhich is available through their website. The VMware advisory can be\r\nfound: http://www.vmware.com/security/advisories/VMSA-2012-0017.html\r\n\r\nVulnerable Software\r\n-------------------------\r\nVMware View 5.x prior to version 5.1.2\r\nVMware View 4.x prior to version 4.6.2\r\n\r\nVendor Contact\r\n--------------\r\nVendor Name: VMware, Inc.\r\nVendor Website: http://www.vmware.com/\r\n", "published": "2012-12-17T00:00:00", "modified": "2012-12-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvss2": {}, "cvss3": {}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28864", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2012-5978"], "immutableFields": [], "lastseen": "2018-08-31T11:10:46", "viewCount": 31, "enchantments": {"score": {"value": 0.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-5978"]}, {"type": "kaspersky", "idList": ["KLA10384"]}, {"type": "nessus", "idList": ["VMWARE_VIEW_VMSA_2012_0017.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12784"]}, {"type": "thn", "idList": ["THN:3FFCE432A1B8BC788DA9CABF81558847"]}, {"type": "threatpost", "idList": ["THREATPOST:F0E1C427B0D3230146BB7D95F15B9AE7"]}, {"type": "vmware", "idList": ["VMSA-2012-0017"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-5978"]}, {"type": "kaspersky", "idList": ["KLA10384"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12784"]}, {"type": "thn", "idList": ["THN:3FFCE432A1B8BC788DA9CABF81558847"]}, {"type": "threatpost", "idList": ["THREATPOST:F0E1C427B0D3230146BB7D95F15B9AE7"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2012-5978", "epss": "0.002690000", "percentile": "0.627000000", "modified": "2023-03-19"}], "vulnersScore": 0.6}, "_state": {"dependencies": 1678962117, "score": 1684016453, "affected_software_major_version": 0, "epss": 1679322135}, "_internal": {"score_hash": "2d848a648895a04020fd2e40da3d9475"}, "sourceData": "", "affectedSoftware": [], "appercut": {}, "exploitpack": {}, "hackapp": {}, "toolHref": "", "w3af": {}}

{"cve": [{"lastseen": "2023-08-13T08:29:00", "description": "Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.", "cvss3": {}, "published": "2012-12-19T11:56:00", "type": "cve", "title": "CVE-2012-5978", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5978"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:vmware:view:5.1.0", "cpe:/a:vmware:view:4.6.1", "cpe:/a:vmware:view:5.0.1", "cpe:/a:vmware:view:4.6.0", "cpe:/a:vmware:view:4.5", "cpe:/a:vmware:view:4.0.0", "cpe:/a:vmware:view:5.0.0"], "id": "CVE-2012-5978", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5978", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:vmware:view:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:view:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:view:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:view:4.0.0:u2:*:*:*:*:*:*", "cpe:2.3:a:vmware:view:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:view:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:view:5.0.0:u2:*:*:*:*:*:*", "cpe:2.3:a:vmware:view:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:view:5.0.0:*:*:*:*:*:*:*"]}], "thn": [{"lastseen": "2017-01-08T18:01:27", "bulletinFamily": "info", "cvelist": ["CVE-2012-5978"], "description": "(DDI) Vulnerability Research Team (VRT) for reported a critical vulnerability in **_VMware View Server_** , that is a directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the server.\n\n \n\n\nVMware has issued a patch for its VMware View product. It is listed as '[VMSA-2012-0017](<http://www.vmware.com/security/advisories/VMSA-2012-0017.html>)' in security advisory.\n\n \n\n\n[](<http://2.bp.blogspot.com/-poDGjbLsidg/UNOLofmGV2I/AAAAAAAAP8I/avs-10_Mi-c/s1600/VMware's+critical+directory+traversal+vulnerability.jpg>)\n\n \n\n\nThis vulnerability affects both the View Connection Server and the View Security Server; VMware recommends that customers immediately update both servers to a fixed version of View. The Common Vulnerabilities and Exposures project has assigned the name CVE-2012-5978 to this issue.\n\n \n\n\nVMware's update to VMware View is available for free to license holders of the product and can be [downloaded here](<http://www.vmware.com/security/advisories/VMSA-2012-0017.html>).\n\n \n\n\nDisabling the Security Server will prevent exploitation of this vulnerability over untrusted remote networks or It may be possible to prevent exploitation of this issue by blocking directory traversal attacks with an intrusion protection system or application layer firewall.\n", "modified": "2013-01-11T18:02:28", "published": "2012-12-20T11:07:00", "id": "THN:3FFCE432A1B8BC788DA9CABF81558847", "href": "http://thehackernews.com/2012/12/vmware-view-critical-directory.html", "type": "thn", "title": "VMware View critical directory traversal vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2023-05-11T00:20:18", "description": "(DDI) Vulnerability Research Team (VRT) for reported a critical vulnerability in **_VMware View Server_** , that is a directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the server.\n\n \n\n\nVMware has issued a patch for its VMware View product. It is listed as '[VMSA-2012-0017](<https://www.vmware.com/security/advisories/VMSA-2012-0017.html>)' in security advisory.\n\n \n\n\n[](<https://thehackernews.com/images/-poDGjbLsidg/UNOLofmGV2I/AAAAAAAAP8I/avs-10_Mi-c/s728-e365/VMware's+critical+directory+traversal+vulnerability.jpg>)\n\n \n\n\nThis vulnerability affects both the View Connection Server and the View Security Server; VMware recommends that customers immediately update both servers to a fixed version of View. The Common Vulnerabilities and Exposures project has assigned the name CVE-2012-5978 to this issue.\n\n \n\n\nVMware's update to VMware View is available for free to license holders of the product and can be [downloaded here](<https://www.vmware.com/security/advisories/VMSA-2012-0017.html>).\n\n \n\n\nDisabling the Security Server will prevent exploitation of this vulnerability over untrusted remote networks or It may be possible to prevent exploitation of this issue by blocking directory traversal attacks with an intrusion protection system or application layer firewall.\n", "cvss3": {}, "published": "2012-12-20T22:07:00", "type": "thn", "title": "VMware View critical directory traversal vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5978"], "modified": "2013-01-11T18:02:28", "id": "THN:D0E182EB42755A0EDA1AC6ACB10ACB07", "href": "https://thehackernews.com/2012/12/vmware-view-critical-directory.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "threatpost": [{"lastseen": "2018-10-06T23:01:42", "description": "Virtualization vendor VMware has patched a critical vulnerability in its VMware View desktop virtualization product that could have led to a directory traversal attack and an attacker reading or downloading files without the need for authentication.\n\nVMware View 5.x prior to 5.1.2 and 4.x prior to 4.6.2 were affected, the company said in an [advisory](<http://www.vmware.com/security/advisories/VMSA-2012-0017.html>). Customers are advised to upgrade to the latest version.\n\nThe vulnerability was discovered by Digital Defense, a security service provider. Senior vulnerability researcher Javier Castro said the company\u2019s vulnerability research team discovered the flaw in some customers\u2019 network scan results.\n\n\u201cWe thought it was interesting to find a directory traversal externally on an organization, and it wasn\u2019t in a minor product, but a major product like VMware,\u201d Castro said. \u201cOrdinarily, you could have one because of user error, but in the case of a major product, it\u2019s not usually user error. It\u2019s usually the vendor\u2019s fault.\u201d\n\nThe flaw was reported to VMware in September, and the update was released earlier this week for View Connection Server and View Security Server.\n\n\u201cThe tunnel-server component of the VMware View Connection Server fails to ensure that each requested URL refers to a file that is both located within the web root of the server and is of a type that is allowed to be served,\u201d the [Digital Defense advisory](<http://ddilabs.blogspot.com/2012/12/vmware-view-connection-server-directory.html>) said. \u201cA remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server\u2019s underlying root file system. This can be accomplished by submitting URL encoded HTTP GET requests that traverse out of the affected subdirectory.\u201d\n\n[Directory traversal exploits](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5978>) are dangerous because an attacker can remotely execute commands outside a root directory into sub-directories that should not be reachable online, as this particular VMware flaw was.\n\n\u201cThis is a major issue because this is a component that is externally facing online,\u201d Castro said. \u201cArbitrary attackers can probe machines and pull files, or if you have VMware drives residing on there, they can download the contents of those drives. This is the type of thing you don\u2019t want because it can allow attacks to take place further on an internal network.\u201d\n\nOrganizations that cannot immediately update VMware View Servers have two temporary workarounds to consider. The first is disabling VMware View Security Server; remote users may temporarily connect to the Connection Server via VPN, VMware said. The second is to block directory traversal attempts at the application firewall or with an intrusion prevention system.\n", "cvss3": {}, "published": "2012-12-19T22:19:00", "type": "threatpost", "title": "VMware Patches Directory Traversal Vulnerability in View Server and Security Server", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-5978"], "modified": "2013-04-17T16:31:03", "id": "THREATPOST:F0E1C427B0D3230146BB7D95F15B9AE7", "href": "https://threatpost.com/vmware-patches-directory-traversal-vulnerability-view-server-and-security-server-121912/77335/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "vmware": [{"lastseen": "2023-08-13T10:03:53", "description": "a. VMware View Server directory traversalVMware View contains a critical directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the server.WorkaroundsThis vulnerability affects both the View Connection Server and the View Security Server; VMware recommends that customers immediately update both servers to a fixed version of View.Customers who are unable to immediately update their View Servers should consider the following options:", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "vmware", "title": "VMware View Server directory traversal", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5978"], "modified": "2012-12-13T00:00:00", "id": "VMSA-2012-0017", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0017.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "kaspersky": [{"lastseen": "2023-08-13T11:17:30", "description": "### *Detect date*:\n12/19/2012\n\n### *Severity*:\nWarning\n\n### *Description*:\nA directory traversal vulnerability was found in VMware Viewer. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via unspecified vectors.\n\n### *Affected products*:\nVMware View 4 versions earlier than 4.6.2 \nVMware View 5 versions earlier than 5.1.2\n\n### *Solution*:\nUpdate to latest version \n[VMWare Products](<https://my.vmware.com/web/vmware/downloads>)\n\n### *Original advisories*:\n[VMware bulletin](<http://www.vmware.com/security/advisories/VMSA-2012-0017.html>) \n\n\n### *Impacts*:\nRLF \n\n### *Related products*:\n[VMware View](<https://threats.kaspersky.com/en/product/VMware-View/>)\n\n### *CVE-IDS*:\n[CVE-2012-5978](<https://vulners.com/cve/CVE-2012-5978>)5.0Critical", "cvss3": {}, "published": "2012-12-19T00:00:00", "type": "kaspersky", "title": "KLA10384 RLF vulnerability in VMware View", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5978"], "modified": "2020-06-03T00:00:00", "id": "KLA10384", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10384/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-18T15:32:06", "description": "The version of VMware View Server installed on the remote host is potentially affected by a directory traversal vulnerability in the Connection Server and View Security Server. This may allow a remote attacker to read arbitrary files from the system.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "VMware View Server Directory Traversal Vulnerability (VMSA-2012-0017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5978"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:vmware:view"], "id": "VMWARE_VIEW_VMSA_2012_0017.NASL", "href": "https://www.tenable.com/plugins/nessus/63685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(63685);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\"CVE-2012-5978\");\n script_bugtraq_id(56942);\n script_xref(name:\"VMSA\", value:\"2012-0017\");\n\n script_name(english:\"VMware View Server Directory Traversal Vulnerability (VMSA-2012-0017)\");\n script_summary(english:\"Checks VMware View Server version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a desktop solution that affected by a directory\ntraversal vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of VMware View Server installed on the remote host is\npotentially affected by a directory traversal vulnerability in the\nConnection Server and View Security Server. This may allow a remote\nattacker to read arbitrary files from the system.\"\n );\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0017.html\");\n # https://accounts.google.com/ServiceLogin?service=blogger&hl=en-US&passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttp://ddilabs.blogspot.com/2012/12/vmware-view-connection-server-directory.html%26zx%3D1foh08hhbcplh\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81428c5f\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to VMware View 4.6.2 / 5.1.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:view\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_view_server_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"VMware/ViewServer/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\n\nappname = \"VMware View Server\";\npath = get_kb_item_or_exit(\"VMware/ViewServer/Path\");\nversion = get_kb_item_or_exit(\"VMware/ViewServer/Version\");\n\nvulnerable = NULL;\nfix = NULL;\n\nif (version =~ '^4\\\\.')\n{\n fix = '4.6.2';\n vulnerable = ver_compare(ver:version, fix:fix, strict:FALSE);\n} \nelse if (version =~ '^5\\\\.')\n{\n fix = '5.1.2';\n vulnerable = ver_compare(ver:version, fix:fix, strict:FALSE);\n}\n\nif (vulnerable < 0)\n{\n port = kb_smb_transport();\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path + \n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning();\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2021-06-08T19:15:27", "description": "VMware View Connection Server directory traversal.", "cvss3": {}, "published": "2012-12-17T00:00:00", "type": "securityvulns", "title": "VMWare View directory traversal", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-5978"], "modified": "2012-12-17T00:00:00", "id": "SECURITYVULNS:VULN:12784", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12784", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}