VAR-200707-0193
Vulnerability from variot - Updated: 2023-12-18 12:32Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session.
2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user. This can be exploited to e.g.
This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior.
A redirection issue that may facilitate phishing attacks has also been reported.
SOLUTION: Apply hotfix and update firmware to version 4.5.5.
Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028
Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803
The vendor also recommends to remove the following components from client devices:
VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2)
EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0)
EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations)
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston.
ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "access gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "firmware 4.5.5"
},
{
"model": "advanced access control",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.2"
},
{
"model": "advanced access control",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.0"
},
{
"model": "access gateway standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "access gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "advanced access control hf.1",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": null
},
{
"model": "access gateway standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5.5"
},
{
"model": "access gateway advanced edition",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5.5"
}
],
"sources": [
{
"db": "BID",
"id": "24975"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002414"
},
{
"db": "NVD",
"id": "CVE-2007-4017"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4017"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin O\u0027NealPaul Johnston",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
],
"trust": 0.6
},
"cve": "CVE-2007-4017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-4017",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-27379",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-4017",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-441",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-27379",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27379"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002414"
},
{
"db": "NVD",
"id": "CVE-2007-4017"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to:\n- Obtain sensitive information\n- Execute code remotely\n- Hijack sessions\n- Redirect users to arbitrary sites\n- Make unauthorized configuration changes\nCitrix has released patches for these vulnerabilities. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n1) A security issue due to residual information left on the client\ndevice can be exploited to gain unauthorized access to a user\\x92s\nactive session. \n\n2) Multiple unspecified errors in client components (Net6Helper.DLL\nand npCtxCAO.dll as ActiveX control and Firefox plugin) of Access\nGateway Standard and Advanced Editions can be exploited to execute\narbitrary code in context of the logged-in user. This can be exploited to e.g. \n\nThis vulnerability is reported in Access Gateway model 2000\nappliances with firmware version 4.5.2 and prior. \n\nA redirection issue that may facilitate phishing attacks has also\nbeen reported. \n\nSOLUTION:\nApply hotfix and update firmware to version 4.5.5. \n\nAccess Gateway Standard Edition 4.5:\nhttp://support.citrix.com/article/CTX114028\n\nAccess Gateway Advanced Edition 4.5:\nhttp://support.citrix.com/article/CTX112803\n\nThe vendor also recommends to remove the following components from\nclient devices:\n\nVPN ActiveX components:\n* Net6Helper.DLL (Friendly name: Net6Launcher Class, version number\nup to and including 4.5.2)\n\nEPA Components (ActiveX):\n* npCtxCAO.dll (Friendly name: CCAOControl Object, version number up\nto 4,5,0,0)\n\nEPA Components (Firefox plugin):\n* npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client,\npresent in two locations)\n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Martin O\\x92Neal, Corsaire. \n2) The vendor credits Michael White, Symantec. \n3) The vendor credits Paul Johnston. \n\nORIGINAL ADVISORY:\nhttp://support.citrix.com/article/CTX113814\nhttp://support.citrix.com/article/CTX113815\nhttp://support.citrix.com/article/CTX113816\nhttp://support.citrix.com/article/CTX113817\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4017"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002414"
},
{
"db": "BID",
"id": "24975"
},
{
"db": "VULHUB",
"id": "VHN-27379"
},
{
"db": "PACKETSTORM",
"id": "57912"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4017",
"trust": 2.8
},
{
"db": "BID",
"id": "24975",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26143",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "37841",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2583",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018435",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002414",
"trust": 0.8
},
{
"db": "XF",
"id": "35513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200707-441",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-27379",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57912",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27379"
},
{
"db": "BID",
"id": "24975"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002414"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "NVD",
"id": "CVE-2007-4017"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
]
},
"id": "VAR-200707-0193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27379"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:32:15.898000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CTX113817",
"trust": 0.8,
"url": "http://support.citrix.com/article/ctx113817"
},
{
"title": "CTX114028",
"trust": 0.8,
"url": "http://support.citrix.com/article/ctx114028"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002414"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://support.citrix.com/article/ctx113817"
},
{
"trust": 1.8,
"url": "http://support.citrix.com/article/ctx114028"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24975"
},
{
"trust": 1.7,
"url": "http://osvdb.org/37841"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018435"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26143"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2583"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35513"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4017"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4017"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2583"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35513"
},
{
"trust": 0.4,
"url": "http://support.citrix.com/article/ctx113814"
},
{
"trust": 0.4,
"url": "http://support.citrix.com/article/ctx113815"
},
{
"trust": 0.4,
"url": "http://support.citrix.com/article/ctx113816"
},
{
"trust": 0.3,
"url": "/archive/1/482626"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6168/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26143/"
},
{
"trust": 0.1,
"url": "http://support.citrix.com/article/ctx112803"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27379"
},
{
"db": "BID",
"id": "24975"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002414"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "NVD",
"id": "CVE-2007-4017"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-27379"
},
{
"db": "BID",
"id": "24975"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002414"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "NVD",
"id": "CVE-2007-4017"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-27379"
},
{
"date": "2007-07-19T00:00:00",
"db": "BID",
"id": "24975"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002414"
},
{
"date": "2007-07-21T02:11:22",
"db": "PACKETSTORM",
"id": "57912"
},
{
"date": "2007-07-26T01:30:00",
"db": "NVD",
"id": "CVE-2007-4017"
},
{
"date": "2007-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-27379"
},
{
"date": "2016-07-05T22:00:00",
"db": "BID",
"id": "24975"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002414"
},
{
"date": "2017-07-29T01:32:40.863000",
"db": "NVD",
"id": "CVE-2007-4017"
},
{
"date": "2007-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix Access Gateway of Web -Based management console cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-441"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…