SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware vCenter Vendors:   VMware
(VMware Issues Fix for VMware vCenter) Adobe LiveCycle XML Document Processing Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks
SecurityTracker Alert ID:  1034509
SecurityTracker URL:  http://securitytracker.com/id/1034509
CVE Reference:   CVE-2015-5255   (Links to External Site)
Date:  Dec 21 2015
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Adobe LiveCycle. A remote user can conduct cross-site request forgery attacks. VMware vCenter is affected.

A remote user can create a specially crafted XML document that, when loaded by the target authenticated user, will take actions on the target interface acting as the target user.

The vulnerability resides in the BlazeDS component.

James Kettle of PortSwigger Web Security reported this vulnerability.

Impact:   A remote user can take actions on the target system acting as the target authenticated user.
Solution:   VMware has issued a fix for CVE-2015-5255 for VMware vCenter (5.0 update u3e, 5.1 update u3b, 5.5 update 3).

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2015-0008.html

Vendor URL:  www.vmware.com/security/advisories/VMSA-2015-0008.html (Links to External Site)
Cause:   Access control error, Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Nov 20 2015 Adobe LiveCycle XML Document Processing Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks



 Source Message Contents

Subject:  [Security-announce] UPDATE : VMSA-2015-0008.1 - VMware product updates address information disclosure issue

--===============3641773710588006925==
Content-Language: en-US
Content-Type: multipart/signed;
	boundary="Apple-Mail=_FA49980C-3A3B-45F0-9352-D30AC412AEA1";
	protocol="application/pgp-signature"; micalg=pgp-sha1

--Apple-Mail=_FA49980C-3A3B-45F0-9352-D30AC412AEA1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2015-0008.1
Synopsis:    VMware product updates address information disclosure
             issue

Issue date:  2015-11-18
Updated on:  2015-12-18
CVE number:  CVE-2015-3269 CVE-2015-5255
------------------------------------------------------------------------

1. Summary

  VMware product updates address information disclosure issue.


2. Relevant Releases

  VMware vCenter Server 5.5 prior to version 5.5 update 3
  VMware vCenter Server 5.1 prior to version 5.1 update u3b
  VMware vCenter Server 5.0 prior to version 5.0 update u3e

  vCloud Director 5.6 prior to version 5.6.4
  vCloud Director 5.5 prior to version 5.5.3

  VMware Horizon View 6.0 prior to version 6.1
  VMware Horizon View 5.0 prior to version 5.3.4



3. Problem Description

   a. vCenter Server, vCloud Director, Horizon View information
      disclosure issue.

     VMware products that use Flex BlazeDS may be affected by a flaw in
     the processing of XML External Entity (XXE) requests. A specially
     crafted XML request sent to the server could lead to unintended
     information be disclosed.

     VMware would like to thank Matthias Kaiser of Code White GmbH for
     reporting this issue to us.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the identifier CVE-2015-3269 to this issue.

     The product updates listed in the table below have also been
     determined to address a XML External Entity (XXE) Processing and
     Server Side Request Forgery vulnerability in Flex BlazeDS.

     VMware would like to thank James Kettle of PortSwigger Web Security
     for reporting these issues to us.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the identifier CVE-2015-5255 to these issues.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

        VMware          Product	  Running   Replace with/
        Product         Version	  on        Apply Patch
        =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D	=3D=3D=3D=3D=3D=3D=3D	 =
 =3D=3D=3D=3D=3D=3D=3D   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

        vCenter Server    6.0      any      not affected
        vCenter Server    5.5      any      5.5 update 3
        vCenter Server    5.1      any      5.1 update u3b
        vCenter Server    5.0      any      5.5 update u3e

        vCloud Director   5.6      any      5.6.4
        vCloud Director   5.5      any      5.5.3

        Horizon View      6.0      any      6.1
        Horizon View      5.3      any      5.3.4


4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.


   vCenter Server
   --------------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-vsphere

   vCloud Director For Service Providers
   --------------------------------
   Downloads and Documentation:
   https://www.vmware.com/support/pubs/vcd_pubs.html

   Horizon View 6.1, 5.3.4:
   --------------------------------
   Downloads:
   =
https://my.vmware.com/web/vmware/details?downloadGroup=3DVIEW-610-GA&produ=
ctId=3D492
   =
https://my.vmware.com/web/vmware/details?downloadGroup=3DVIEW-534-PREMIER&=
productId=3D396


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2015-3269
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2015-5255

------------------------------------------------------------------------

6. Change log

   2015-11-18 VMSA-2015-0008
   Initial security advisory

   2015-12-18 VMSA-2015-0008.1
   Updated advisory to note these updates also address CVE-2015-5255

------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2015 VMware Inc.  All rights reserved.

--Apple-Mail=_FA49980C-3A3B-45F0-9352-D30AC412AEA1
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="signature.asc"
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iEYEARECAAYFAlZ0jGwACgkQDEcm8Vbi9kNITQCg1SRwrUidVmNc7T+y1REEG2U5
ziQAnRK45A6KTDP8sIZ//gG4MUtQNqC3
=917x
-----END PGP SIGNATURE-----

--Apple-Mail=_FA49980C-3A3B-45F0-9352-D30AC412AEA1--

--===============3641773710588006925==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce

--===============3641773710588006925==--
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC