Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   VMware Horizon Vendors:   VMware
(VMware Issues Fix for VMware Horizon View) Adobe LiveCycle XML Document Processing Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks
SecurityTracker Alert ID:  1034513
SecurityTracker URL:
CVE Reference:   CVE-2015-5255   (Links to External Site)
Date:  Dec 21 2015
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Adobe LiveCycle. A remote user can conduct cross-site request forgery attacks. VMware Horizon View is affected.

A remote user can create a specially crafted XML document that, when loaded by the target authenticated user, will take actions on the target interface acting as the target user.

The vulnerability resides in the BlazeDS component.

James Kettle of PortSwigger Web Security reported this vulnerability.

Impact:   A remote user can take actions on the target system acting as the target authenticated user.
Solution:   VMware has issued a fix for CVE-2015-5255 for VMware Horizon View (5.3.4, 6.1).

The VMware advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Nov 20 2015 Adobe LiveCycle XML Document Processing Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks

 Source Message Contents

Subject:  [Security-announce] UPDATE : VMSA-2015-0008.1 - VMware product updates address information disclosure issue

Content-Language: en-US
Content-Type: multipart/signed;
	protocol="application/pgp-signature"; micalg=pgp-sha1

Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;

                   VMware Security Advisory

Advisory ID: VMSA-2015-0008.1
Synopsis:    VMware product updates address information disclosure

Issue date:  2015-11-18
Updated on:  2015-12-18
CVE number:  CVE-2015-3269 CVE-2015-5255

1. Summary

  VMware product updates address information disclosure issue.

2. Relevant Releases

  VMware vCenter Server 5.5 prior to version 5.5 update 3
  VMware vCenter Server 5.1 prior to version 5.1 update u3b
  VMware vCenter Server 5.0 prior to version 5.0 update u3e

  vCloud Director 5.6 prior to version 5.6.4
  vCloud Director 5.5 prior to version 5.5.3

  VMware Horizon View 6.0 prior to version 6.1
  VMware Horizon View 5.0 prior to version 5.3.4

3. Problem Description

   a. vCenter Server, vCloud Director, Horizon View information
      disclosure issue.

     VMware products that use Flex BlazeDS may be affected by a flaw in
     the processing of XML External Entity (XXE) requests. A specially
     crafted XML request sent to the server could lead to unintended
     information be disclosed.

     VMware would like to thank Matthias Kaiser of Code White GmbH for
     reporting this issue to us.

     The Common Vulnerabilities and Exposures project (
     has assigned the identifier CVE-2015-3269 to this issue.

     The product updates listed in the table below have also been
     determined to address a XML External Entity (XXE) Processing and
     Server Side Request Forgery vulnerability in Flex BlazeDS.

     VMware would like to thank James Kettle of PortSwigger Web Security
     for reporting these issues to us.

     The Common Vulnerabilities and Exposures project (
     has assigned the identifier CVE-2015-5255 to these issues.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is

        VMware          Product	  Running   Replace with/
        Product         Version	  on        Apply Patch
        =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D	=3D=3D=3D=3D=3D=3D=3D	 =
 =3D=3D=3D=3D=3D=3D=3D   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

        vCenter Server    6.0      any      not affected
        vCenter Server    5.5      any      5.5 update 3
        vCenter Server    5.1      any      5.1 update u3b
        vCenter Server    5.0      any      5.5 update u3e

        vCloud Director   5.6      any      5.6.4
        vCloud Director   5.5      any      5.5.3

        Horizon View      6.0      any      6.1
        Horizon View      5.3      any      5.3.4

4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   vCenter Server
   Downloads and Documentation:

   vCloud Director For Service Providers
   Downloads and Documentation:

   Horizon View 6.1, 5.3.4:

5. References


6. Change log

   2015-11-18 VMSA-2015-0008
   Initial security advisory

   2015-12-18 VMSA-2015-0008.1
   Updated advisory to note these updates also address CVE-2015-5255


7. Contact

   E-mail list for product security notifications and announcements:

   This Security Advisory is posted to the following lists:

    security-announce at
    bugtraq at
    fulldisclosure at

   E-mail: security at
   PGP key at:

   VMware Security Advisories

   Consolidated list of VMware Security Advisories

   VMware Security Response Policy

   VMware Lifecycle Support Phases


   Copyright 2015 VMware Inc.  All rights reserved.

Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="signature.asc"
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Message signed with OpenPGP using GPGMail

Comment: GPGTools -



Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Security-announce mailing list


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC