cnvd - cnvd-2016-04732

cnvd-2016-04732

Vulnerability from cnvd

Title: Symantec Workspace Streaming/Workspace Virtualization路径遍历漏洞

Description:

Symantec Workspace Streaming 可实现应用程序按需设置、实时软件许可证管理以及即时应用程序升级。Symantec Workspace Virtualization 实现了应用程序虚拟化，可减少应用程序冲突，降低测试要求，同时减少支持呼叫量。

Symantec Workspace Streaming (SWS)及Workspace Virtualization (SWV)管理控制台在文件下载配置文件中存在路径遍历漏洞，攻击者可利用该漏洞使恶意用户查看特定文件类型的应用文件。

Severity: 中

Patch Name: Symantec Workspace Streaming/Workspace Virtualization路径遍历漏洞的补丁

Patch Description:

Symantec Workspace Streaming (SWS)及Workspace Virtualization (SWV)管理控制台在文件下载配置文件中存在路径遍历漏洞，攻击者可利用该漏洞使恶意用户查看特定文件类型的应用文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160707_00

Reference: http://www.linuxidc.com/Linux/2016-07/133027.htm

Impacted products

Name
['Symantec Workspace Streaming 7.5.x', 'Symantec Workspace Streaming 7.6.0', 'Symantec Workspace Virtualization 7.5.x', 'Symantec Workspace Virtualization 7.6.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "89395"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2205"
    }
  },
  "description": "Symantec Workspace Streaming \u53ef\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u6309\u9700\u8bbe\u7f6e\u3001\u5b9e\u65f6\u8f6f\u4ef6\u8bb8\u53ef\u8bc1\u7ba1\u7406\u4ee5\u53ca\u5373\u65f6\u5e94\u7528\u7a0b\u5e8f\u5347\u7ea7\u3002Symantec Workspace Virtualization \u5b9e\u73b0\u4e86\u5e94\u7528\u7a0b\u5e8f\u865a\u62df\u5316\uff0c\u53ef\u51cf\u5c11\u5e94\u7528\u7a0b\u5e8f\u51b2\u7a81\uff0c\u964d\u4f4e\u6d4b\u8bd5\u8981\u6c42\uff0c\u540c\u65f6\u51cf\u5c11\u652f\u6301\u547c\u53eb\u91cf\u3002\r\n\r\nSymantec Workspace Streaming (SWS)\u53caWorkspace Virtualization (SWV)\u7ba1\u7406\u63a7\u5236\u53f0\u5728\u6587\u4ef6\u4e0b\u8f7d\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u6076\u610f\u7528\u6237\u67e5\u770b\u7279\u5b9a\u6587\u4ef6\u7c7b\u578b\u7684\u5e94\u7528\u6587\u4ef6\u3002",
  "discovererName": "Dmitry Serebryannikov",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2016\u0026suid=20160707_00",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04732",
  "openTime": "2016-07-13",
  "patchDescription": "Symantec Workspace Streaming \u53ef\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u6309\u9700\u8bbe\u7f6e\u3001\u5b9e\u65f6\u8f6f\u4ef6\u8bb8\u53ef\u8bc1\u7ba1\u7406\u4ee5\u53ca\u5373\u65f6\u5e94\u7528\u7a0b\u5e8f\u5347\u7ea7\u3002Symantec Workspace Virtualization \u5b9e\u73b0\u4e86\u5e94\u7528\u7a0b\u5e8f\u865a\u62df\u5316\uff0c\u53ef\u51cf\u5c11\u5e94\u7528\u7a0b\u5e8f\u51b2\u7a81\uff0c\u964d\u4f4e\u6d4b\u8bd5\u8981\u6c42\uff0c\u540c\u65f6\u51cf\u5c11\u652f\u6301\u547c\u53eb\u91cf\u3002\r\n\r\nSymantec Workspace Streaming (SWS)\u53caWorkspace Virtualization (SWV)\u7ba1\u7406\u63a7\u5236\u53f0\u5728\u6587\u4ef6\u4e0b\u8f7d\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u6076\u610f\u7528\u6237\u67e5\u770b\u7279\u5b9a\u6587\u4ef6\u7c7b\u578b\u7684\u5e94\u7528\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec Workspace Streaming/Workspace Virtualization\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Symantec Workspace Streaming 7.5.x",
      "Symantec Workspace Streaming 7.6.0",
      "Symantec Workspace Virtualization 7.5.x",
      "Symantec Workspace Virtualization 7.6.0"
    ]
  },
  "referenceLink": "http://www.linuxidc.com/Linux/2016-07/133027.htm",
  "serverity": "\u4e2d",
  "submitTime": "2016-07-11",
  "title": "Symantec Workspace Streaming/Workspace Virtualization\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2016-2205 (GCVE-0-2016-2205)

Vulnerability from cvelistv5

Published

2016-07-12 01:00

Modified

2024-08-05 23:24

Severity ?

CWE

Summary

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.

References

▼	URL	Tags
	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/89395	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1036263	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1036262	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
          },
          {
            "name": "89395",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89395"
          },
          {
            "name": "1036263",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036263"
          },
          {
            "name": "1036262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036262"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
        },
        {
          "name": "89395",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/89395"
        },
        {
          "name": "1036263",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036263"
        },
        {
          "name": "1036262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036262"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2016-2205",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
            },
            {
              "name": "89395",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/89395"
            },
            {
              "name": "1036263",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036263"
            },
            {
              "name": "1036262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036262"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2016-2205",
    "datePublished": "2016-07-12T01:00:00",
    "dateReserved": "2016-02-02T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted