View 5.1.2 Directory Traversal


I thought this was going to be a relaxed Friday at the office today before CHRISTmas, but I guess it is not.  After reading the patch referenced in the VMware advisory, I realize the urgency of the patch.  This is very important if you have a View Security Server exposed to the outside network.  Without the patch you are asking for trouble, so if you can’t patch right away for whatever reason, you should shut down the Security Server or block users from reaching it until you patch the server.  Obviously, if you have users using it, applying the patch immediately is very important.  It is so important that you can’t wait for a nightly maintenance window, or for permission if your boss is off for CHRISTmas.  This is an emergency patch.

You must also patch the View Connection Server (VCS), but this one is less risky than the Security Server (still risky), since typically the VCS is only exposed internally.  This is true if your View infrastructure is designed with best practice in mind.  What do I mean? Some View admins might use a full-blown VCS and expose it to the internet for outside mobile users, which is not best practice.  If that is the case then you are at high risk, and I hope you have your resume up to date and ready to go; if not, shut down your exposed VCS first before you draft the latest one =).  Kidding aside, you should fix the architecture (a non-domain-joined View Security Server on the DMZ paired with the domain-joined VCS) and apply the 5.1.2 patch.

The agent patch on the VM guest has no urgency, so there is no need to apply the patch on each and every VM guest.  At least I did not see any urgency from the advisory.

I wish you all a blessed CHRISTmas!!


One response to “View 5.1.2 Directory Traversal”

  1. I really respected your ultimate weblog and also thinking.
    That you may be terrific.
    Say thank you with regards to posting the item therefore i aspire to study even much
    more by you in the long run.
    Wonderful undertaking to maintain your internet site fully clean in addition to top quality bad any and all fake.

    Maybe you experience any helpful hints just for individual web site and keep the following freed from
    Or any strategy on the ways to pull in equipped with complete
    level of quality like all yours?
    Pitiful in my native english speakers 🙂 it is actually not at all great indigne vocab, wish that you’re in the position to fully grasp
