VMSA-2023-0017

Moderate

Advisory ID: VMSA-2023-0017

CVSSv3 Range: 5.3

Issue Date: 2023-08-03

Updated On: 2023-08-03 (Initial Advisory)

CVE(s): CVE-2023-34037, CVE-2023-34038

Synopsis: VMware Horizon Server updates address multiple security vulnerabilities (CVE-2023-34037, CVE-2023-34038)

1. Impacted Products

VMware Horizon Server

2. Introduction

Multiple vulnerabilities in VMware Horizon Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

3a. Request smuggling vulnerability (CVE-2023-34037)

Description

VMware Horizon Server contains a HTTP request smuggling vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors

A malicious actor with network access may be able to perform HTTP smuggle requests.

Resolution

To remediate CVE-2023-34037 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Ricter Z, and Matt Landers of OccamSec for independently reporting this issue to us.

3b. Information disclosure vulnerability (CVE-2023-34038)

Description

VMware Horizon Server contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors

A malicious actor with network access may be able to access information relating to the internal network configuration.

Resolution

To remediate CVE-2023-34038 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Matt Landers of OccamSec for reporting this issue to us.

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Horizon Server	2306	Any	N/A	N/A	N/A	Unaffected	N/A	N/A
VMware Horizon Server	2303	Any	CVE-2023-34037, CVE-2023-34038	5.3	moderate	2306	None	None
VMware Horizon Server	2212	Any	CVE-2023-34037, CVE-2023-34038	5.3	moderate	2212.1	None	None
VMware Horizon Server	2209, 2206	Any	CVE-2023-34037, CVE-2023-34038	5.3	moderate	2209.1	None	None
VMware Horizon Server	2111.x, 2106, 2103, 2012, 2006	Any	CVE-2023-34037, CVE-2023-34038	5.3	moderate	2111.2	None	None

4. References

Fixed Versions(s) and Release Notes:
2306 https://docs.vmware.com/en/VMware-Horizon/8-2306/rn/vmware-horizon-8-2306-release-notes/index.html
2212.1 https://docs.vmware.com/en/VMware-Horizon/8-2212.1/rn/vmware-horizon-8-22121-release-notes/index.html
2209.1 https://docs.vmware.com/en/VMware-Horizon/8-2209.1/rn/vmware-horizon-8-22091-release-notes/index.html
2111.2 https://docs.vmware.com/en/VMware-Horizon/8-2111.2/rn/vmware-horizon-8-21112-release-notes/index.html

Downloads:
2306 https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2306
2212.1 https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2212
2209.1 https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2209
2111.2 https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2111

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34038

FIRST CVSSv3 Calculator:
CVE-2023-34037: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-34038: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5. Change Log

2023-08-03: VMSA-2023-0017
Initial security advisory.

6. Contact

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Today’s Multi-Cloud Reality: Cloud Chaos

87% of enterprises use two or more cloud environments to run their applications. Multi-cloud accelerates digital transformation, but also introduces complexity and risk, resulting in a chaotic reality for many organizations.

Conquer Cloud Chaos with VMware Cross-Cloud services

Anywhere Workspace

App Platform

Cloud & Edge Infrastructure

Cloud Management

Desktop Hypervisor

Security & Networking

Run VMware on any Cloud. Any Environment. Anywhere.

On Public & Hybrid Clouds

On Private & Local Clouds

Solutions

Anywhere Workspace
Access Any App on Any Device Securely

App Platform
Build and Operate Cloud Native Apps

Cloud Infrastructure
Run Enterprise Apps Anywhere

Cloud Management
Automate and Optimize Apps and Clouds

Edge Infrastructure
Enable the Multi-Cloud Edge

Networking
Enable Connectivity for Apps and Clouds

Security
Secure Apps and Clouds

By Industry

VMware AI Solutions

For Customers

For Partners

Working Together with Partners for Customer Success

Tools & Training

Services

Support

Marketplace

Videos

Blogs & Communities

Customers

Events

1. Impacted Products

2. Introduction

3a. Request smuggling vulnerability (CVE-2023-34037)

3b. Information disclosure vulnerability (CVE-2023-34038)

4. References

5. Change Log

6. Contact

Today’s Multi-Cloud Reality: Cloud Chaos

87% of enterprises use two or more cloud environments to run their applications. Multi-cloud accelerates digital transformation, but also introduces complexity and risk, resulting in a chaotic reality for many organizations.

Conquer Cloud Chaos with VMware Cross-Cloud services

Anywhere Workspace

App Platform

Cloud & Edge Infrastructure

Cloud Management

Desktop Hypervisor

Security & Networking

Run VMware on any Cloud. Any Environment. Anywhere.

On Public & Hybrid Clouds

On Private & Local Clouds

Solutions

Anywhere Workspace Access Any App on Any Device Securely

App Platform Build and Operate Cloud Native Apps

Cloud Infrastructure Run Enterprise Apps Anywhere

Cloud Management Automate and Optimize Apps and Clouds

Edge Infrastructure Enable the Multi-Cloud Edge

Networking Enable Connectivity for Apps and Clouds

Security Secure Apps and Clouds

By Industry

VMware AI Solutions

For Customers

For Partners

Working Together with Partners for Customer Success

Tools & Training

Services

Support

Marketplace

Videos

Blogs & Communities

Customers

Events

1. Impacted Products

2. Introduction

3a. Request smuggling vulnerability (CVE-2023-34037)

3b. Information disclosure vulnerability (CVE-2023-34038)

4. References

5. Change Log

6. Contact

Anywhere Workspace
Access Any App on Any Device Securely

App Platform
Build and Operate Cloud Native Apps

Cloud Infrastructure
Run Enterprise Apps Anywhere

Cloud Management
Automate and Optimize Apps and Clouds

Edge Infrastructure
Enable the Multi-Cloud Edge

Networking
Enable Connectivity for Apps and Clouds

Security
Secure Apps and Clouds