Vulnerabilites related to citrix - access_essentials
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | access_essentials | 1.0 | |
| citrix | access_essentials | 1.5 | |
| citrix | access_essentials | 2.0 | |
| citrix | metaframe_presentation_server | 3.0 | |
| citrix | presentation_server | 4.0 | |
| citrix | presentation_server | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D04505CA-D715-4094-9B39-61FA8BDB3A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E406CDDF-A2F6-42EC-B4EF-93258F21C08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "967F31B0-0299-4BCE-91E5-45E2B38CFCE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD859173-2ACD-4C60-8EF4-5B0434EA8244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
],
"id": "CVE-2002-2426",
"lastModified": "2024-11-20T23:43:39.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27633"
},
{
"source": "cve@mitre.org",
"url": "http://support.citrix.com/article/CTX115245"
},
{
"source": "cve@mitre.org",
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26451"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018962"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX115245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 10:30
Modified
2024-11-21 00:52
Severity ?
Summary
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | access_essentials | 1.0 | |
| citrix | access_essentials | 1.5 | |
| citrix | access_essentials | 2.0 | |
| citrix | presentation_server | 4.0 | |
| citrix | xenapp | * | |
| citrix | xenapp | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D04505CA-D715-4094-9B39-61FA8BDB3A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "967F31B0-0299-4BCE-91E5-45E2B38CFCE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenapp:*:fp1:*:*:*:*:*:*",
"matchCriteriaId": "60589E82-E176-4C0C-9034-B3E5C1F6B3D6",
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenapp:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBAEA3D-7E35-4C89-B416-8CDEB3286253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Citrix XenApp (formalmente Presentation Server) 4.5 Feature Pack 1 y versiones anteriores, Presentation Server 4.0, y Access Essentials 1.0, 1.5, y 2.0 permite a los usuarios locales obtener privilegios a trav\u00e9s de vectores de ataque desconocidos relativos a la creaci\u00f3n de un archivo no especificado. NOTA: esto deber\u00eda de ser el mismo asunto que CVE-2008-3485, pero el anuncio del vendedor es tan impreciso como para ser cierto."
}
],
"id": "CVE-2008-4676",
"lastModified": "2024-11-21T00:52:15.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T10:30:01.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32017"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX116310"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31484"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020954"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2702"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX116310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-24 18:30
Modified
2024-11-21 00:31
Severity ?
Summary
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2000:*:*:*:*:*",
"matchCriteriaId": "0C88F86F-F07D-4C17-B5D5-EC8F1A69A65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2003:*:*:*:*:*",
"matchCriteriaId": "5B4DBD3F-254D-4C25-9D7E-ECDEF7AED8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:x64_edition:*:*:*:*:*",
"matchCriteriaId": "950A42AA-2FF6-4C8C-84A3-E4623D5258AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:4.0:*:microsoft_windows_2000:*:*:*:*:*",
"matchCriteriaId": "CA262BAB-EFDB-4498-85CF-592517FC836D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:4.0:*:microsoft_windows_2003:*:*:*:*:*",
"matchCriteriaId": "DF0B55D1-F942-4B6B-84AB-195A462B3119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:4.0:*:x64_edition:*:*:*:*:*",
"matchCriteriaId": "048974DF-1A85-42F5-BD08-8B2D991B411E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string."
},
{
"lang": "es",
"value": "El Session Reliability Service (XTE) del Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0 y Access Essentials 1.0 y 1.5, permite a atacantes remotos evitar las pol\u00edticas de seguridad de la red y conectarse a puertos TCP de su elecci\u00f3n a trav\u00e9s de una cadena address:port modificada."
}
],
"evaluatorSolution": "The vendor has addressed this issue with the following product updates:\r\n\r\nMetaFrame Presentation Server 3.0 for Windows 2000 Server:\r\nEN - http://support.citrix.com/article/CTX112818\r\nFR - http://support.citrix.com/article/CTX112821\r\nDE - http://support.citrix.com/article/CTX112819\r\nJA - http://support.citrix.com/article/CTX112820\r\nES - http://support.citrix.com/article/CTX112822\r\n\r\nMetaFrame Presentation Server 3.0 for Windows Server 2003:\r\nEN - http://support.citrix.com/article/CTX112813\r\nFR - http://support.citrix.com/article/CTX112816\r\nDE - http://support.citrix.com/article/CTX112814\r\nJA - http://support.citrix.com/article/CTX112815\r\nES - http://support.citrix.com/article/CTX112817\r\n\r\nCitrix Presentation Server 4.0 for Windows 2000 Server:\r\nEN - http://support.citrix.com/article/CTX112844\r\nFR - http://support.citrix.com/article/CTX112847\r\nDE - http://support.citrix.com/article/CTX112845\r\nJA - http://support.citrix.com/article/CTX112848\r\nES - http://support.citrix.com/article/CTX112846\r\n\r\nCitrix Presentation Server 4.0 for Windows Server 2003:\r\nEN - http://support.citrix.com/article/CTX112839\r\nFR - http://support.citrix.com/article/CTX112842\r\nDE - http://support.citrix.com/article/CTX112840\r\nJA - http://support.citrix.com/article/CTX112843\r\nES - http://support.citrix.com/article/CTX112841\r\n\r\nCitrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:\r\nEN - http://support.citrix.com/article/CTX112886\r\nFR - http://support.citrix.com/article/CTX112887\r\nDE - http://support.citrix.com/article/CTX112888\r\nJA - http://support.citrix.com/article/CTX112890\r\nES - http://support.citrix.com/article/CTX112889\r\n\r\nCitrix Access Essentials 1.0:\r\nEN - http://support.citrix.com/article/CTX112839\r\nFR - http://support.citrix.com/article/CTX112842\r\nDE - http://support.citrix.com/article/CTX112840\r\nES - http://support.citrix.com/article/CTX112841\r\n\r\nCitrix Access Essentials 1.5:\r\nEN - http://support.citrix.com/article/CTX112839\r\nFR - http://support.citrix.com/article/CTX112842\r\nDE - http://support.citrix.com/article/CTX112840\r\nES - http://support.citrix.com/article/CTX112841\r\n",
"id": "CVE-2007-2850",
"lastModified": "2024-11-21T00:31:48.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-24T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25371"
},
{
"source": "cve@mitre.org",
"url": "http://support.citrix.com/article/CTX112964"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018098"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1918"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX112964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-18 22:00
Modified
2024-11-21 00:41
Severity ?
Summary
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | access_essentials | * | |
| citrix | desktop_server | 1.0 | |
| citrix | metaframe_presentation_server | * | |
| citrix | presentation_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96365CE2-22BF-408E-939F-22FFABF63061",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08AEEC3F-E8DD-4535-98D2-4CFD83439A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B612D535-0FED-49B5-85B7-7B33CC1EF320",
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B22EE40-B6D5-4A1D-B6F5-48E14FB189AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el servicio Independent Management Architecture (IMA) de Citrix Presentation Server (MetaFrame Presentation Server) 4.5 y versiones anteriores, Access Essentials 2.0 y versiones anteriores, y Desktop Server 1.0 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un valor de tama\u00f1o inv\u00e1lido en un paquete al puerto TCP 2512 \u00f3 2513."
}
],
"id": "CVE-2008-0356",
"lastModified": "2024-11-21T00:41:49.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-18T22:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28508"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX114487"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX114487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| citrix | presentation_server | * | |
| citrix | access_essentials | * | |
| citrix | desktop_server | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:presentation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5A8250-7C4A-4AEB-A850-3FF59D453F61",
"versionEndIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96365CE2-22BF-408E-939F-22FFABF63061",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08AEEC3F-E8DD-4535-98D2-4CFD83439A69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en SecureICA e ICA Basic encryption de Citrix Presentation Server 4.5 y anteriores, Access Essentials 2.0 y anteriores y Desktop Server 1.0 puede provocar que los clientes usen configuraciones de encriptado m\u00e1s d\u00e9biles que las configuradas por el administrador, lo que podr\u00eda permitir a los atacantes evitar las restricciones previstas."
}
],
"id": "CVE-2008-2299",
"lastModified": "2024-11-21T00:46:33.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30271"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX114893"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29233"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1020026"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1531/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX114893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1020026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1531/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42444"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | access_essentials | * | |
| citrix | access_essentials | 1.0 | |
| citrix | access_essentials | 1.5 | |
| citrix | citrix_presentation_server | * | |
| citrix | desktop_server | 1.0 | |
| citrix | metaframe_presentation_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96365CE2-22BF-408E-939F-22FFABF63061",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:citrix_presentation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A571EDD-12ED-4398-8AED-5916A4580294",
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08AEEC3F-E8DD-4535-98D2-4CFD83439A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15137D61-8E46-4F46-B475-098429A79484",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Citrix Presentation Server 4.5 y anteriores, Citrix Access Essentials 2.0 y anteriores y Citrix Desktop Server 1.0 permite a atacantes autentificados remotamente acceder a escritorios no autorizados mediante vectores de ataque desconocidos."
}
],
"id": "CVE-2008-2300",
"lastModified": "2024-11-21T00:46:33.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30271"
},
{
"source": "cve@mitre.org",
"url": "http://support.citrix.com/article/CTX116941"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29232"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020027"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX116941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-0356
Vulnerability from cvelistv5
Published
2008-01-18 21:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/486585/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/28508 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0172 | vdb-entry, x_refsource_VUPEN | |
| http://www.kb.cert.org/vuls/id/412228 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securitytracker.com/id?1019231 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/27329 | vdb-entry, x_refsource_BID | |
| http://zerodayinitiative.com/advisories/ZDI-08-002.html | x_refsource_MISC | |
| http://support.citrix.com/article/CTX114487 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:35.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX114487"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX114487"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-08-002.html",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"name": "http://support.citrix.com/article/CTX114487",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX114487"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0356",
"datePublished": "2008-01-18T21:00:00",
"dateReserved": "2008-01-18T00:00:00",
"dateUpdated": "2024-08-07T07:39:35.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4676
Vulnerability from cvelistv5
Published
2008-10-22 10:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.citrix.com/article/CTX116310 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31484 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1020954 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45507 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/32017 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/2702 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX116310"
},
{
"name": "31484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31484"
},
{
"name": "1020954",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020954"
},
{
"name": "citrix-server-unspecified-priv-escalation(45507)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507"
},
{
"name": "32017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32017"
},
{
"name": "ADV-2008-2702",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX116310"
},
{
"name": "31484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31484"
},
{
"name": "1020954",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020954"
},
{
"name": "citrix-server-unspecified-priv-escalation(45507)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507"
},
{
"name": "32017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32017"
},
{
"name": "ADV-2008-2702",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX116310",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX116310"
},
{
"name": "31484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31484"
},
{
"name": "1020954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020954"
},
{
"name": "citrix-server-unspecified-priv-escalation(45507)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507"
},
{
"name": "32017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32017"
},
{
"name": "ADV-2008-2702",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4676",
"datePublished": "2008-10-22T10:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2300
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/29232 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/30271 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1020027 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX116941 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/1530/references | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42439 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:00.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020027"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020027"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020027"
},
{
"name": "http://support.citrix.com/article/CTX116941",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2300",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:00.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2299
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1531/references | vdb-entry, x_refsource_VUPEN | |
| http://support.citrix.com/article/CTX114893 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/30271 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/29233 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1020026 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42444 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:00.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1531",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1531/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX114893"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "29233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29233"
},
{
"name": "1020026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020026"
},
{
"name": "citrix-presentationserver-ica-weak-security(42444)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1531",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1531/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX114893"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "29233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29233"
},
{
"name": "1020026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020026"
},
{
"name": "citrix-presentationserver-ica-weak-security(42444)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1531",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1531/references"
},
{
"name": "http://support.citrix.com/article/CTX114893",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX114893"
},
{
"name": "30271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30271"
},
{
"name": "29233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29233"
},
{
"name": "1020026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020026"
},
{
"name": "citrix-presentationserver-ica-weak-security(42444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2299",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:00.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2426
Vulnerability from cvelistv5
Published
2007-11-20 00:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1018962 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt | x_refsource_MISC | |
| http://support.citrix.com/article/CTX115245 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/3870 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/26451 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/27633 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018962"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27633"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018962"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27633"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018962"
},
{
"name": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"name": "http://support.citrix.com/article/CTX115245",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27633"
},
{
"name": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2426",
"datePublished": "2007-11-20T00:00:00",
"dateReserved": "2007-11-19T00:00:00",
"dateUpdated": "2024-08-08T04:06:53.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2850
Vulnerability from cvelistv5
Published
2007-05-24 18:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34448 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/25371 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.citrix.com/article/CTX112964 | x_refsource_CONFIRM | |
| http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2007/1918 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1018098 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:53.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "citrix-session-security-bypass(34448)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
},
{
"name": "25371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25371"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX112964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
},
{
"name": "ADV-2007-1918",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1918"
},
{
"name": "1018098",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "citrix-session-security-bypass(34448)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
},
{
"name": "25371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25371"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX112964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
},
{
"name": "ADV-2007-1918",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1918"
},
{
"name": "1018098",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-session-security-bypass(34448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
},
{
"name": "25371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25371"
},
{
"name": "http://support.citrix.com/article/CTX112964",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX112964"
},
{
"name": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf",
"refsource": "MISC",
"url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
},
{
"name": "ADV-2007-1918",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1918"
},
{
"name": "1018098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2850",
"datePublished": "2007-05-24T18:00:00",
"dateReserved": "2007-05-24T00:00:00",
"dateUpdated": "2024-08-07T13:57:53.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}