VAR-200711-0295
Vulnerability from variot - Updated: 2023-12-18 12:32The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. " Residual information " Can be hijacked in the session. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Note: This is a belated release to the mailing lists (though most of the tracking services picked this up via the Citrix advisory)...
-- History --
Discovered: 05.09.06 (Martin O'Neal) Vendor notified: 19.10.06 Document released: 20.07.07
-- Overview --
Citrix Access Gateways are described [1] as "universal SSL VPN appliances providing a secure, always-on, single point-of-access to an organization's applications and data".
Amongst other features, the product provides a web portal to corporate applications and resources.
-- Analysis --
The web portal interface incorporates a collection of .NET scripts, which utilise a session ID contained within cookies. During the authentication sequence the user session is redirected via a HTTP meta refresh header in an HTML response. The browser subsequently uses this within the next GET request (and the referer header field of the next HTTP request), placing the session ID in history files, and both client and server logs. The use of the session ID within the HTML content is made worse by the application not setting the HTTP cache control headers appropriately, which can lead to the HTML content being stored within the local browser cache.
Where this is a particularly problem, is where the web portal is accessed from a shared or public access terminal, such as an Internet Caf,; the very environment that this type of solution is intended for.
Strong authentication technology, such as SecurID 2FA, does not protect against this style of attack, as the session ID is generated after the strong authentication process is completed.
-- Recommendations --
Review the recommendations in the Citrix alert [2].
Until the product is upgraded, consider reviewing you remote access policy to restrict the use of the product in shared-access environments.
-- CVE --
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-0011 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardises names for security problems.
-- References --
[1] http://www.citrix.com/English/ps2/products/product.asp?contentID =15005 [2] http://support.citrix.com/article/CTX113814
-- Revision --
a. Initial release. b. Released.
-- Distribution --
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Corsaire accepts no responsibility for any damage caused by the use or misuse of this information.
-- Disclaimer --
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Corsaire accepts no responsibility for any damage caused by the use or misuse of this information.
-- About Corsaire --
Corsaire are a leading information security consultancy, founded in 1997 in Guildford, Surrey, UK. Corsaire bring innovation, integrity and analytical rigour to every job, which means fast and dramatic security performance improvements. Our services centre on the delivery of information security planning, assessment, implementation, management and vulnerability research.
A free guide to selecting a security assessment supplier is available at http://www.penetration-testing.com
Copyright 2006-2007 Corsaire Limited. All rights reserved.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session.
2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user.
3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site.
A redirection issue that may facilitate phishing attacks has also been reported.
SOLUTION: Apply hotfix and update firmware to version 4.5.5.
Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028
Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803
The vendor also recommends to remove the following components from client devices:
VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2)
EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0)
EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations)
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston.
ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200711-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "4.0"
},
{
"model": "access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "4.2"
},
{
"model": "access gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "advanced edition 4.5 hf1"
},
{
"model": "advanced access control",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.2"
},
{
"model": "advanced access control",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.0"
},
{
"model": "access gateway standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "access gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "advanced access control hf.1",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": null
},
{
"model": "access gateway standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5.5"
},
{
"model": "access gateway advanced edition",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5.5"
}
],
"sources": [
{
"db": "BID",
"id": "24975"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"db": "NVD",
"id": "CVE-2007-0011"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0011"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin O\u0027NealPaul Johnston",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-0011",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-23373",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0011",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200711-058",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-23373",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23373"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"db": "NVD",
"id": "CVE-2007-0011"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache. \" Residual information \" Can be hijacked in the session. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to:\n- Obtain sensitive information\n- Execute code remotely\n- Hijack sessions\n- Redirect users to arbitrary sites\n- Make unauthorized configuration changes\nCitrix has released patches for these vulnerabilities. \nNote: This is a belated release to the mailing lists (though most of the \ntracking services picked this up via the Citrix advisory)... \n\n\n-- History --\n\nDiscovered: 05.09.06 (Martin O\u0027Neal)\nVendor notified: 19.10.06\nDocument released: 20.07.07\n\n\n-- Overview --\n\nCitrix Access Gateways are described [1] as \"universal SSL VPN\nappliances providing a secure, always-on, single point-of-access to an\norganization\u0027s applications and data\". \n\nAmongst other features, the product provides a web portal to corporate\napplications and resources. \n\n\n-- Analysis --\n\nThe web portal interface incorporates a collection of .NET scripts,\nwhich utilise a session ID contained within cookies. During the\nauthentication sequence the user session is redirected via a HTTP meta\nrefresh header in an HTML response. The browser subsequently uses this\nwithin the next GET request (and the referer header field of the next\nHTTP request), placing the session ID in history files, and both client\nand server logs. The use of the session ID within the HTML content is\nmade worse by the application not setting the HTTP cache control headers\nappropriately, which can lead to the HTML content being stored within\nthe local browser cache. \n\nWhere this is a particularly problem, is where the web portal is\naccessed from a shared or public access terminal, such as an Internet\nCaf,; the very environment that this type of solution is intended for. \n\nStrong authentication technology, such as SecurID 2FA, does not protect\nagainst this style of attack, as the session ID is generated after the\nstrong authentication process is completed. \n\n\n-- Recommendations --\n\nReview the recommendations in the Citrix alert [2]. \n\nUntil the product is upgraded, consider reviewing you remote access\npolicy to restrict the use of the product in shared-access environments. \n\n\n-- CVE --\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2007-0011 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardises names for\nsecurity problems. \n\n\n-- References --\n\n[1] http://www.citrix.com/English/ps2/products/product.asp?contentID\n =15005\n[2] http://support.citrix.com/article/CTX113814\n\n\n-- Revision -- \n\na. Initial release. \nb. Released. \n\n\n -- Distribution --\n\nThe information contained within this advisory is supplied \"as-is\" with\nno warranties or guarantees of fitness of use or otherwise. Corsaire\naccepts no responsibility for any damage caused by the use or misuse of\nthis information. \n\n\n-- Disclaimer --\n\nThe information contained within this advisory is supplied \"as-is\" with\nno warranties or guarantees of fitness of use or otherwise. Corsaire\naccepts no responsibility for any damage caused by the use or misuse of\nthis information. \n\n\n-- About Corsaire --\n\nCorsaire are a leading information security consultancy, founded in 1997\nin Guildford, Surrey, UK. Corsaire bring innovation, integrity and\nanalytical rigour to every job, which means fast and dramatic security\nperformance improvements. Our services centre on the delivery of\ninformation security planning, assessment, implementation, management\nand vulnerability research. \n\nA free guide to selecting a security assessment supplier is available at\nhttp://www.penetration-testing.com\n\n\nCopyright 2006-2007 Corsaire Limited. All rights reserved. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n1) A security issue due to residual information left on the client\ndevice can be exploited to gain unauthorized access to a user\\x92s\nactive session. \n\n2) Multiple unspecified errors in client components (Net6Helper.DLL\nand npCtxCAO.dll as ActiveX control and Firefox plugin) of Access\nGateway Standard and Advanced Editions can be exploited to execute\narbitrary code in context of the logged-in user. \n\n3) The web-based administration console of an Access Gateway\nappliance allows administrator to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. change certain configuration\nsettings, by enticing a logged-in administrator to visit a malicious\nweb site. \n\nA redirection issue that may facilitate phishing attacks has also\nbeen reported. \n\nSOLUTION:\nApply hotfix and update firmware to version 4.5.5. \n\nAccess Gateway Standard Edition 4.5:\nhttp://support.citrix.com/article/CTX114028\n\nAccess Gateway Advanced Edition 4.5:\nhttp://support.citrix.com/article/CTX112803\n\nThe vendor also recommends to remove the following components from\nclient devices:\n\nVPN ActiveX components:\n* Net6Helper.DLL (Friendly name: Net6Launcher Class, version number\nup to and including 4.5.2)\n\nEPA Components (ActiveX):\n* npCtxCAO.dll (Friendly name: CCAOControl Object, version number up\nto 4,5,0,0)\n\nEPA Components (Firefox plugin):\n* npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client,\npresent in two locations)\n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Martin O\\x92Neal, Corsaire. \n2) The vendor credits Michael White, Symantec. \n3) The vendor credits Paul Johnston. \n\nORIGINAL ADVISORY:\nhttp://support.citrix.com/article/CTX113814\nhttp://support.citrix.com/article/CTX113815\nhttp://support.citrix.com/article/CTX113816\nhttp://support.citrix.com/article/CTX113817\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0011"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"db": "BID",
"id": "24975"
},
{
"db": "VULHUB",
"id": "VHN-23373"
},
{
"db": "PACKETSTORM",
"id": "60328"
},
{
"db": "PACKETSTORM",
"id": "57912"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-0011",
"trust": 2.9
},
{
"db": "BID",
"id": "24975",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26143",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "45288",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2583",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018435",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001315",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200711-058",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20071022 CORSAIRE SECURITY ADVISORY - CITRIX ACCESS GATEWAY SESSION ID DISCLOSURE ISSUE",
"trust": 0.6
},
{
"db": "XF",
"id": "35510",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "60328",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-23373",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57912",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23373"
},
{
"db": "BID",
"id": "24975"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"db": "PACKETSTORM",
"id": "60328"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "NVD",
"id": "CVE-2007-0011"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
]
},
"id": "VAR-200711-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23373"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:32:15.862000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CTX113814",
"trust": 0.8,
"url": "http://support.citrix.com/article/ctx113814"
},
{
"title": "CTX112803",
"trust": 0.8,
"url": "http://support.citrix.com/article/ctx112803"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23373"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"db": "NVD",
"id": "CVE-2007-0011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://support.citrix.com/article/ctx113814"
},
{
"trust": 1.8,
"url": "http://support.citrix.com/article/ctx112803"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24975"
},
{
"trust": 1.7,
"url": "http://osvdb.org/45288"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1018435"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26143"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2583"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0011"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0011"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2583"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35510"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/482626/100/100/threaded"
},
{
"trust": 0.4,
"url": "http://support.citrix.com/article/ctx113815"
},
{
"trust": 0.4,
"url": "http://support.citrix.com/article/ctx113816"
},
{
"trust": 0.4,
"url": "http://support.citrix.com/article/ctx113817"
},
{
"trust": 0.3,
"url": "/archive/1/482626"
},
{
"trust": 0.1,
"url": "http://www.penetration-testing.com"
},
{
"trust": 0.1,
"url": "http://www.citrix.com/english/ps2/products/product.asp?contentid"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0011"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6168/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26143/"
},
{
"trust": 0.1,
"url": "http://support.citrix.com/article/ctx114028"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23373"
},
{
"db": "BID",
"id": "24975"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"db": "PACKETSTORM",
"id": "60328"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "NVD",
"id": "CVE-2007-0011"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23373"
},
{
"db": "BID",
"id": "24975"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"db": "PACKETSTORM",
"id": "60328"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "NVD",
"id": "CVE-2007-0011"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-23373"
},
{
"date": "2007-07-19T00:00:00",
"db": "BID",
"id": "24975"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"date": "2007-10-23T03:57:48",
"db": "PACKETSTORM",
"id": "60328"
},
{
"date": "2007-07-21T02:11:22",
"db": "PACKETSTORM",
"id": "57912"
},
{
"date": "2007-11-05T17:46:00",
"db": "NVD",
"id": "CVE-2007-0011"
},
{
"date": "2007-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-23373"
},
{
"date": "2016-07-05T22:00:00",
"db": "BID",
"id": "24975"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001315"
},
{
"date": "2018-10-16T16:30:16.790000",
"db": "NVD",
"id": "CVE-2007-0011"
},
{
"date": "2007-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix Access Gateway of Web Session hijack vulnerability in portal interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001315"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-058"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.