Vulnerability-Lookup

CNVD-2016-04732

Vulnerability from cnvd - Published: 2016-07-13

Title

Symantec Workspace Streaming/Workspace Virtualization路径遍历漏洞

Description

Symantec Workspace Streaming 可实现应用程序按需设置、实时软件许可证管理以及即时应用程序升级。Symantec Workspace Virtualization 实现了应用程序虚拟化，可减少应用程序冲突，降低测试要求，同时减少支持呼叫量。 Symantec Workspace Streaming (SWS)及Workspace Virtualization (SWV)管理控制台在文件下载配置文件中存在路径遍历漏洞，攻击者可利用该漏洞使恶意用户查看特定文件类型的应用文件。

Severity

中

Patch Name

Symantec Workspace Streaming/Workspace Virtualization路径遍历漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160707_00

Reference

http://www.linuxidc.com/Linux/2016-07/133027.htm

Impacted products

Name
['Symantec Workspace Streaming 7.5.x', 'Symantec Workspace Streaming 7.6.0', 'Symantec Workspace Virtualization 7.5.x', 'Symantec Workspace Virtualization 7.6.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "89395"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2205"
    }
  },
  "description": "Symantec Workspace Streaming \u53ef\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u6309\u9700\u8bbe\u7f6e\u3001\u5b9e\u65f6\u8f6f\u4ef6\u8bb8\u53ef\u8bc1\u7ba1\u7406\u4ee5\u53ca\u5373\u65f6\u5e94\u7528\u7a0b\u5e8f\u5347\u7ea7\u3002Symantec Workspace Virtualization \u5b9e\u73b0\u4e86\u5e94\u7528\u7a0b\u5e8f\u865a\u62df\u5316\uff0c\u53ef\u51cf\u5c11\u5e94\u7528\u7a0b\u5e8f\u51b2\u7a81\uff0c\u964d\u4f4e\u6d4b\u8bd5\u8981\u6c42\uff0c\u540c\u65f6\u51cf\u5c11\u652f\u6301\u547c\u53eb\u91cf\u3002\r\n\r\nSymantec Workspace Streaming (SWS)\u53caWorkspace Virtualization (SWV)\u7ba1\u7406\u63a7\u5236\u53f0\u5728\u6587\u4ef6\u4e0b\u8f7d\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u6076\u610f\u7528\u6237\u67e5\u770b\u7279\u5b9a\u6587\u4ef6\u7c7b\u578b\u7684\u5e94\u7528\u6587\u4ef6\u3002",
  "discovererName": "Dmitry Serebryannikov",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2016\u0026suid=20160707_00",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04732",
  "openTime": "2016-07-13",
  "patchDescription": "Symantec Workspace Streaming \u53ef\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u6309\u9700\u8bbe\u7f6e\u3001\u5b9e\u65f6\u8f6f\u4ef6\u8bb8\u53ef\u8bc1\u7ba1\u7406\u4ee5\u53ca\u5373\u65f6\u5e94\u7528\u7a0b\u5e8f\u5347\u7ea7\u3002Symantec Workspace Virtualization \u5b9e\u73b0\u4e86\u5e94\u7528\u7a0b\u5e8f\u865a\u62df\u5316\uff0c\u53ef\u51cf\u5c11\u5e94\u7528\u7a0b\u5e8f\u51b2\u7a81\uff0c\u964d\u4f4e\u6d4b\u8bd5\u8981\u6c42\uff0c\u540c\u65f6\u51cf\u5c11\u652f\u6301\u547c\u53eb\u91cf\u3002\r\n\r\nSymantec Workspace Streaming (SWS)\u53caWorkspace Virtualization (SWV)\u7ba1\u7406\u63a7\u5236\u53f0\u5728\u6587\u4ef6\u4e0b\u8f7d\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u6076\u610f\u7528\u6237\u67e5\u770b\u7279\u5b9a\u6587\u4ef6\u7c7b\u578b\u7684\u5e94\u7528\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec Workspace Streaming/Workspace Virtualization\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Symantec Workspace Streaming 7.5.x",
      "Symantec Workspace Streaming 7.6.0",
      "Symantec Workspace Virtualization 7.5.x",
      "Symantec Workspace Virtualization 7.6.0"
    ]
  },
  "referenceLink": "http://www.linuxidc.com/Linux/2016-07/133027.htm",
  "serverity": "\u4e2d",
  "submitTime": "2016-07-11",
  "title": "Symantec Workspace Streaming/Workspace Virtualization\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2016-2205 (GCVE-0-2016-2205)

Vulnerability from cvelistv5 – Published: 2016-07-12 01:00 – Updated: 2024-08-05 23:24

Summary

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.

Severity ?

No CVSS data available.

CWE

Assigner

symantec

References

URL

Tags

	http://www.symantec.com/security_response/securit…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/89395	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1036263	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1036262	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
          },
          {
            "name": "89395",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89395"
          },
          {
            "name": "1036263",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036263"
          },
          {
            "name": "1036262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036262"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
        },
        {
          "name": "89395",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/89395"
        },
        {
          "name": "1036263",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036263"
        },
        {
          "name": "1036262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036262"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2016-2205",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
            },
            {
              "name": "89395",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/89395"
            },
            {
              "name": "1036263",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036263"
            },
            {
              "name": "1036262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036262"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2016-2205",
    "datePublished": "2016-07-12T01:00:00",
    "dateReserved": "2016-02-02T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2016-04732

CVE-2016-2205 (GCVE-0-2016-2205)

Tags

Sightings

Nomenclature