cvelistv5 - cve-2007-4013

CVE-2007-4013 (GCVE-0-2007-4013)

Vulnerability from cvelistv5 – Published: 2007-07-26 01:00 – Updated: 2024-08-07 14:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2583	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/26143	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/24975	vdb-entryx_refsource_BID
	http://osvdb.org/37843	vdb-entryx_refsource_OSVDB
	http://osvdb.org/37844	vdb-entryx_refsource_OSVDB
	http://support.citrix.com/article/CTX113815	x_refsource_CONFIRM
	http://support.citrix.com/article/CTX114028	x_refsource_CONFIRM
	http://osvdb.org/37842	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:05.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2583",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2583"
          },
          {
            "name": "26143",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26143"
          },
          {
            "name": "24975",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24975"
          },
          {
            "name": "37843",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37843"
          },
          {
            "name": "37844",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX113815"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX114028"
          },
          {
            "name": "37842",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37842"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-15T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2583",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2583"
        },
        {
          "name": "26143",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26143"
        },
        {
          "name": "24975",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24975"
        },
        {
          "name": "37843",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37843"
        },
        {
          "name": "37844",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX113815"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX114028"
        },
        {
          "name": "37842",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37842"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4013",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2583",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2583"
            },
            {
              "name": "26143",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26143"
            },
            {
              "name": "24975",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24975"
            },
            {
              "name": "37843",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37843"
            },
            {
              "name": "37844",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37844"
            },
            {
              "name": "http://support.citrix.com/article/CTX113815",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX113815"
            },
            {
              "name": "http://support.citrix.com/article/CTX114028",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX114028"
            },
            {
              "name": "37842",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37842"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4013",
    "datePublished": "2007-07-26T01:00:00",
    "dateReserved": "2007-07-25T00:00:00",
    "dateUpdated": "2024-08-07T14:37:05.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*\", \"versionEndIncluding\": \"4.5\", \"matchCriteriaId\": \"DBDE442A-F7FC-4369-A28E-6C6AA8B999A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*\", \"versionEndIncluding\": \"4.5\", \"matchCriteriaId\": \"7A132506-353D-4128-82A2-46DBC000B753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:endpoint_analysis_client:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAAA6921-5794-4DF0-83DA-4A20DED53C3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14E6A30E-7577-4569-9309-53A0AF7FE3AC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*\", \"versionEndIncluding\": \"4.5\", \"matchCriteriaId\": \"DBDE442A-F7FC-4369-A28E-6C6AA8B999A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*\", \"versionEndIncluding\": \"4.5\", \"matchCriteriaId\": \"7A132506-353D-4128-82A2-46DBC000B753\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades no especificadas en Net6Helper.DLL (tambi\\u00e9n conocido como Net6Launcher Class) 4.5.2 y anteriores, (2) npCtxCAO.dll (tambi\\u00e9n conocido como Citrix Endpoint Analysis Client) en un extensi\\u00f3n de directorio Firefox, y (3) un segundo  pCtxCAO.dll (tambi\\u00e9n conocido como CCAOControl Object) anterior a 4.5.0.0 en Citrix Access Gateway Standard Edition anterior a 4.5.5 y Advanced Edition anterior a 4.5 HF1\"}]",
      "evaluatorComment": "Access Gateway is software offered also as an appliance.",
      "id": "CVE-2007-4013",
      "lastModified": "2024-11-21T00:34:35.260",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-07-26T01:30:00.000",
      "references": "[{\"url\": \"http://osvdb.org/37842\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37843\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37844\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26143\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://support.citrix.com/article/CTX113815\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://support.citrix.com/article/CTX114028\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/24975\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2583\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37842\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/37843\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/37844\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26143\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://support.citrix.com/article/CTX113815\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://support.citrix.com/article/CTX114028\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/24975\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2583\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4013\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-26T01:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades no especificadas en Net6Helper.DLL (tambi\u00e9n conocido como Net6Launcher Class) 4.5.2 y anteriores, (2) npCtxCAO.dll (tambi\u00e9n conocido como Citrix Endpoint Analysis Client) en un extensi\u00f3n de directorio Firefox, y (3) un segundo  pCtxCAO.dll (tambi\u00e9n conocido como CCAOControl Object) anterior a 4.5.0.0 en Citrix Access Gateway Standard Edition anterior a 4.5.5 y Advanced Edition anterior a 4.5 HF1\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*\",\"versionEndIncluding\":\"4.5\",\"matchCriteriaId\":\"DBDE442A-F7FC-4369-A28E-6C6AA8B999A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*\",\"versionEndIncluding\":\"4.5\",\"matchCriteriaId\":\"7A132506-353D-4128-82A2-46DBC000B753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:endpoint_analysis_client:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAAA6921-5794-4DF0-83DA-4A20DED53C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14E6A30E-7577-4569-9309-53A0AF7FE3AC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*\",\"versionEndIncluding\":\"4.5\",\"matchCriteriaId\":\"DBDE442A-F7FC-4369-A28E-6C6AA8B999A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*\",\"versionEndIncluding\":\"4.5\",\"matchCriteriaId\":\"7A132506-353D-4128-82A2-46DBC000B753\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37842\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37843\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37844\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26143\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.citrix.com/article/CTX113815\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.citrix.com/article/CTX114028\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/24975\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2583\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/37843\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/37844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.citrix.com/article/CTX113815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.citrix.com/article/CTX114028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/24975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Access Gateway is software offered also as an appliance.\"}}"
  }
}

GSD-2007-4013

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4013

Aliases

CVE-2007-4013

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4013",
    "description": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679.",
    "id": "GSD-2007-4013"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4013"
      ],
      "details": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679.",
      "id": "GSD-2007-4013",
      "modified": "2023-12-13T01:21:36.319602Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4013",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2583",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2583"
          },
          {
            "name": "26143",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26143"
          },
          {
            "name": "24975",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24975"
          },
          {
            "name": "37843",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37843"
          },
          {
            "name": "37844",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37844"
          },
          {
            "name": "http://support.citrix.com/article/CTX113815",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX113815"
          },
          {
            "name": "http://support.citrix.com/article/CTX114028",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX114028"
          },
          {
            "name": "37842",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37842"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:endpoint_analysis_client:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4013"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.citrix.com/article/CTX113815",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://support.citrix.com/article/CTX113815"
            },
            {
              "name": "http://support.citrix.com/article/CTX114028",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://support.citrix.com/article/CTX114028"
            },
            {
              "name": "24975",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/24975"
            },
            {
              "name": "26143",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26143"
            },
            {
              "name": "37843",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37843"
            },
            {
              "name": "37844",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37844"
            },
            {
              "name": "37842",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37842"
            },
            {
              "name": "ADV-2007-2583",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2583"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T02:57Z",
      "publishedDate": "2007-07-26T01:30Z"
    }
  }
}

VAR-200707-0189

Vulnerability from variot - Updated: 2023-12-18 12:32

Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. This vulnerability CVE-2007-3679 And may overlap.Details of the impact of this vulnerability are unknown. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session.

3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site.

This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior.

A redirection issue that may facilitate phishing attacks has also been reported.

SOLUTION: Apply hotfix and update firmware to version 4.5.5. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston.

ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0189",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firefox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "*"
      },
      {
        "model": "endpoint analysis client",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "*"
      },
      {
        "model": "access gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "model": "access gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "4.5 hf1"
      },
      {
        "model": "access gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "advanced edition"
      },
      {
        "model": "access gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "4.5.5"
      },
      {
        "model": "access gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "st ard edition"
      },
      {
        "model": "endpoint analysis client",
        "scope": null,
        "trust": 0.6,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "advanced access control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2"
      },
      {
        "model": "advanced access control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.0"
      },
      {
        "model": "access gateway standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "model": "access gateway advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "model": "advanced access control hf.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "access gateway standard edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.5"
      },
      {
        "model": "access gateway advanced edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:endpoint_analysis_client:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4013"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Martin O\u0027NealPaul Johnston",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-4013",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-4013",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-27375",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-4013",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-462",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27375",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679. This vulnerability CVE-2007-3679 And may overlap.Details of the impact of this vulnerability are unknown. Exploiting these issues could allow an attacker to:\n- Obtain sensitive information\n- Execute code remotely\n- Hijack sessions\n- Redirect users to arbitrary sites\n- Make unauthorized configuration changes\nCitrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n1) A security issue due to residual information left on the client\ndevice can be exploited to gain unauthorized access to a user\\x92s\nactive session. \n\n3) The web-based administration console of an Access Gateway\nappliance allows administrator to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. change certain configuration\nsettings, by enticing a logged-in administrator to visit a malicious\nweb site. \n\nThis vulnerability is reported in Access Gateway model 2000\nappliances with firmware version 4.5.2 and prior. \n\nA redirection issue that may facilitate phishing attacks has also\nbeen reported. \n\nSOLUTION:\nApply hotfix and update firmware to version 4.5.5. \n2) The vendor credits Michael White, Symantec. \n3) The vendor credits Paul Johnston. \n\nORIGINAL ADVISORY:\nhttp://support.citrix.com/article/CTX113814\nhttp://support.citrix.com/article/CTX113815\nhttp://support.citrix.com/article/CTX113816\nhttp://support.citrix.com/article/CTX113817\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      },
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27375"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4013",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "24975",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26143",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "37844",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "37843",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "37842",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2583",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-27375",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "57912",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27375"
      },
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ]
  },
  "id": "VAR-200707-0189",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27375"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:32:15.937000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX113815",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/ctx113815"
      },
      {
        "title": "CTX114028",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/ctx114028"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4013"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://support.citrix.com/article/ctx113815"
      },
      {
        "trust": 1.8,
        "url": "http://support.citrix.com/article/ctx114028"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/24975"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37842"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37843"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37844"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26143"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2583"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4013"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4013"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2583"
      },
      {
        "trust": 0.4,
        "url": "http://support.citrix.com/article/ctx113814"
      },
      {
        "trust": 0.4,
        "url": "http://support.citrix.com/article/ctx113816"
      },
      {
        "trust": 0.4,
        "url": "http://support.citrix.com/article/ctx113817"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/482626"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6168/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26143/"
      },
      {
        "trust": 0.1,
        "url": "http://support.citrix.com/article/ctx112803"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27375"
      },
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-27375"
      },
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27375"
      },
      {
        "date": "2007-07-19T00:00:00",
        "db": "BID",
        "id": "24975"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      },
      {
        "date": "2007-07-21T02:11:22",
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "date": "2007-07-26T01:30:00",
        "db": "NVD",
        "id": "CVE-2007-4013"
      },
      {
        "date": "2007-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27375"
      },
      {
        "date": "2016-07-05T22:00:00",
        "db": "BID",
        "id": "24975"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      },
      {
        "date": "2011-03-08T02:57:36.953000",
        "db": "NVD",
        "id": "CVE-2007-4013"
      },
      {
        "date": "2007-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Firefox In the plugin directory  Net6Helper.DLL Vulnerabilities in unknown details",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002412"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-462"
      }
    ],
    "trust": 0.6
  }
}

GHSA-7HH7-MHM5-PGP7

Vulnerability from github – Published: 2022-05-01 18:19 – Updated: 2022-05-01 18:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4013"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-26T01:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679.",
  "id": "GHSA-7hh7-mhm5-pgp7",
  "modified": "2022-05-01T18:19:26Z",
  "published": "2022-05-01T18:19:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4013"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37842"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37843"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37844"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX113815"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX114028"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-4013

Vulnerability from fkie_nvd - Published: 2007-07-26 01:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/37842
cve@mitre.org	http://osvdb.org/37843
cve@mitre.org	http://osvdb.org/37844
cve@mitre.org	http://secunia.com/advisories/26143	Patch, Vendor Advisory
cve@mitre.org	http://support.citrix.com/article/CTX113815	Patch
cve@mitre.org	http://support.citrix.com/article/CTX114028	Patch
cve@mitre.org	http://www.securityfocus.com/bid/24975	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2583
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37842
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37843
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37844
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26143	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX113815	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX114028	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24975	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2583

Impacted products

Vendor	Product	Version
citrix	access_gateway	*
citrix	access_gateway	*
citrix	endpoint_analysis_client	*
mozilla	firefox	*
citrix	access_gateway	*
citrix	access_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
              "matchCriteriaId": "DBDE442A-F7FC-4369-A28E-6C6AA8B999A0",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
              "matchCriteriaId": "7A132506-353D-4128-82A2-46DBC000B753",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:endpoint_analysis_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAA6921-5794-4DF0-83DA-4A20DED53C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
              "matchCriteriaId": "DBDE442A-F7FC-4369-A28E-6C6AA8B999A0",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
              "matchCriteriaId": "7A132506-353D-4128-82A2-46DBC000B753",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.  NOTE: vector 3 might overlap CVE-2007-3679."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en Net6Helper.DLL (tambi\u00e9n conocido como Net6Launcher Class) 4.5.2 y anteriores, (2) npCtxCAO.dll (tambi\u00e9n conocido como Citrix Endpoint Analysis Client) en un extensi\u00f3n de directorio Firefox, y (3) un segundo  pCtxCAO.dll (tambi\u00e9n conocido como CCAOControl Object) anterior a 4.5.0.0 en Citrix Access Gateway Standard Edition anterior a 4.5.5 y Advanced Edition anterior a 4.5 HF1"
    }
  ],
  "evaluatorComment": "Access Gateway is software offered also as an appliance.",
  "id": "CVE-2007-4013",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-26T01:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37842"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37843"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37844"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX113815"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX114028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX113815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX114028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4013 (GCVE-0-2007-4013)

GSD-2007-4013

VAR-200707-0189

GHSA-7HH7-MHM5-PGP7

FKIE_CVE-2007-4013

Tags

Sightings

Nomenclature