- Home
- CVEs with nessus.description==The VMware Horizon View installed on the remote Windows host is
version 5.x prior to 5.3.4 or version 6.x prior to 6.1. It is,
therefore, affected by the following vulnerabilities :
- A man-in-the-middle (MitM) information disclosure
vulnerability, known as POODLE, exists due to the way
SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining
(CBC) mode. A MitM attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.
(CVE-2014-3566)
- An XML external entity (XXE) injection vulnerability
exists in the included Flex BlazeDS component due to an
incorrect configuration of the XML parser that allows
external XML entities to be accepted from untrusted
sources. An unauthenticated, remote attacker can exploit
this vulnerability, via a via a crafted AMF message, to
gain access to sensitive information. (CVE-2015-3269)
- A flaw exists in the bundled Adobe ColdFusion and
LiveCycle Data Services components related to request
handling between a user and the server. A remote
attacker can exploit this, via a specially crafted
request, to bypass access restrictions (e.g. host or
network ACLs), conduct port scanning of internal
networks, enumerate internal hosts, or possibly invoke
additional protocols (e.g. Gopher, TFTP).
(CVE-2015-5255)
Additionally, unspecified vulnerabilities also exist in the following
bundled Java components :
- 2D (CVE-2014-6585, CVE-2014-6591)
- Deployment (CVE-2015-0403, CVE-2015-0406)
- Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
CVE-2015-0437)
- Installation (CVE-2015-0421)
- JAX-WS (CVE-2015-0412)
- JSSE (CVE-2014-6593)
- Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400)
- RMI (CVE-2015-0408)
- Security (CVE-2015-0410)
- Serviceability (CVE-2015-0413)
- Swing (CVE-2015-0407)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top