cvelistv5 - CVE-2007-0011

CVE-2007-0011

Vulnerability from cvelistv5

Published

2007-11-05 17:00

Modified

2024-08-07 12:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/45288
cve@mitre.org	http://secunia.com/advisories/26143	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1018435
cve@mitre.org	http://support.citrix.com/article/CTX112803
cve@mitre.org	http://support.citrix.com/article/CTX113814
cve@mitre.org	http://www.securityfocus.com/archive/1/482626/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24975	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2583
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35510
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/45288
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26143	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018435
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX112803
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX113814
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/482626/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24975	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2583
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35510

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:36.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2583",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2583"
          },
          {
            "name": "26143",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26143"
          },
          {
            "name": "24975",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24975"
          },
          {
            "name": "45288",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45288"
          },
          {
            "name": "1018435",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018435"
          },
          {
            "name": "citrix-access-unspeci-information-disclosure(35510)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX112803"
          },
          {
            "name": "20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX113814"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2583",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2583"
        },
        {
          "name": "26143",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26143"
        },
        {
          "name": "24975",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24975"
        },
        {
          "name": "45288",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45288"
        },
        {
          "name": "1018435",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018435"
        },
        {
          "name": "citrix-access-unspeci-information-disclosure(35510)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX112803"
        },
        {
          "name": "20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX113814"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0011",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2583",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2583"
            },
            {
              "name": "26143",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26143"
            },
            {
              "name": "24975",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24975"
            },
            {
              "name": "45288",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45288"
            },
            {
              "name": "1018435",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018435"
            },
            {
              "name": "citrix-access-unspeci-information-disclosure(35510)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
            },
            {
              "name": "http://support.citrix.com/article/CTX112803",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX112803"
            },
            {
              "name": "20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
            },
            {
              "name": "http://support.citrix.com/article/CTX113814",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX113814"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0011",
    "datePublished": "2007-11-05T17:00:00",
    "dateReserved": "2007-01-01T00:00:00",
    "dateUpdated": "2024-08-07T12:03:36.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0011\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-11-05T17:46:00.000\",\"lastModified\":\"2024-11-21T00:24:46.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \\\"residual information\\\", including the a referer log, browser history, or browser cache.\"},{\"lang\":\"es\",\"value\":\"El interfaz del portal web de Citrix Access Gateway (tambi\u00e9n conocido como Citrix Advanced Access Control) versiones anteriores a Advanced Edition 4.5 HF1, sit\u00faa un ID de sesi\u00f3n en el URL, lo cual permite a atacantes locales o remotos dependientes del contexto secuestrar sesiones al leer \\\"informaci\u00f3n residual\\\", incluyendo un fichero de trazas utilizado, historial del navegador, o la cach\u00e9 del navegador.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1A9C532-DE4A-40B5-932A-9229DEA92CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C3186D6-9A71-4B1A-8A2A-D801408E5AF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*\",\"matchCriteriaId\":\"E674A101-814E-4954-B344-663AF49FED35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*\",\"matchCriteriaId\":\"C019102F-CED4-4911-9B02-8D88AF9796DD\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/45288\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26143\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018435\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.citrix.com/article/CTX112803\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.citrix.com/article/CTX113814\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/482626/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24975\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2583\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35510\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/45288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.citrix.com/article/CTX112803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.citrix.com/article/CTX113814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/482626/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35510\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2007-0011

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-0011

Aliases

CVE-2007-0011

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0011",
    "description": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache.",
    "id": "GSD-2007-0011"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0011"
      ],
      "details": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache.",
      "id": "GSD-2007-0011",
      "modified": "2023-12-13T01:21:35.847765Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0011",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2583",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2583"
          },
          {
            "name": "26143",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26143"
          },
          {
            "name": "24975",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24975"
          },
          {
            "name": "45288",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/45288"
          },
          {
            "name": "1018435",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018435"
          },
          {
            "name": "citrix-access-unspeci-information-disclosure(35510)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
          },
          {
            "name": "http://support.citrix.com/article/CTX112803",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX112803"
          },
          {
            "name": "20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
          },
          {
            "name": "http://support.citrix.com/article/CTX113814",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX113814"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0011"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.citrix.com/article/CTX112803",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.citrix.com/article/CTX112803"
            },
            {
              "name": "http://support.citrix.com/article/CTX113814",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.citrix.com/article/CTX113814"
            },
            {
              "name": "24975",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/24975"
            },
            {
              "name": "1018435",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018435"
            },
            {
              "name": "26143",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26143"
            },
            {
              "name": "45288",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/45288"
            },
            {
              "name": "ADV-2007-2583",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2583"
            },
            {
              "name": "citrix-access-unspeci-information-disclosure(35510)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
            },
            {
              "name": "20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:30Z",
      "publishedDate": "2007-11-05T17:46Z"
    }
  }
}

fkie_cve-2007-0011

Vulnerability from fkie_nvd

Published

2007-11-05 17:46

Modified

2024-11-21 00:24

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/45288
cve@mitre.org	http://secunia.com/advisories/26143	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1018435
cve@mitre.org	http://support.citrix.com/article/CTX112803
cve@mitre.org	http://support.citrix.com/article/CTX113814
cve@mitre.org	http://www.securityfocus.com/archive/1/482626/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24975	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2583
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35510
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/45288
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26143	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018435
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX112803
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX113814
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/482626/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24975	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2583
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35510

Impacted products

Vendor	Product	Version
citrix	access_gateway	4.0
citrix	access_gateway	4.2
citrix	access_gateway	4.5
citrix	access_gateway	4.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A9C532-DE4A-40B5-932A-9229DEA92CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3186D6-9A71-4B1A-8A2A-D801408E5AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "E674A101-814E-4954-B344-663AF49FED35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*",
              "matchCriteriaId": "C019102F-CED4-4911-9B02-8D88AF9796DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache."
    },
    {
      "lang": "es",
      "value": "El interfaz del portal web de Citrix Access Gateway (tambi\u00e9n conocido como Citrix Advanced Access Control) versiones anteriores a Advanced Edition 4.5 HF1, sit\u00faa un ID de sesi\u00f3n en el URL, lo cual permite a atacantes locales o remotos dependientes del contexto secuestrar sesiones al leer \"informaci\u00f3n residual\", incluyendo un fichero de trazas utilizado, historial del navegador, o la cach\u00e9 del navegador."
    }
  ],
  "id": "CVE-2007-0011",
  "lastModified": "2024-11-21T00:24:46.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-05T17:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/45288"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018435"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.citrix.com/article/CTX112803"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.citrix.com/article/CTX113814"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/45288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.citrix.com/article/CTX112803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.citrix.com/article/CTX113814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-ph74-68r2-9xmr

Vulnerability from github

Published

2022-05-01 17:41

Modified

2022-05-01 17:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-05T17:46:00Z",
    "severity": "MODERATE"
  },
  "details": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache.",
  "id": "GHSA-ph74-68r2-9xmr",
  "modified": "2022-05-01T17:41:19Z",
  "published": "2022-05-01T17:41:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0011"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/45288"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018435"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX112803"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX113814"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. " Residual information " Can be hijacked in the session. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to: - Obtain sensitive information - Execute code remotely - Hijack sessions - Redirect users to arbitrary sites - Make unauthorized configuration changes Citrix has released patches for these vulnerabilities. Note: This is a belated release to the mailing lists (though most of the tracking services picked this up via the Citrix advisory)...

-- History --

Discovered: 05.09.06 (Martin O'Neal) Vendor notified: 19.10.06 Document released: 20.07.07

-- Overview --

Citrix Access Gateways are described [1] as "universal SSL VPN appliances providing a secure, always-on, single point-of-access to an organization's applications and data".

Amongst other features, the product provides a web portal to corporate applications and resources.

-- Analysis --

The web portal interface incorporates a collection of .NET scripts, which utilise a session ID contained within cookies. During the authentication sequence the user session is redirected via a HTTP meta refresh header in an HTML response. The browser subsequently uses this within the next GET request (and the referer header field of the next HTTP request), placing the session ID in history files, and both client and server logs. The use of the session ID within the HTML content is made worse by the application not setting the HTTP cache control headers appropriately, which can lead to the HTML content being stored within the local browser cache.

Where this is a particularly problem, is where the web portal is accessed from a shared or public access terminal, such as an Internet Caf,; the very environment that this type of solution is intended for.

Strong authentication technology, such as SecurID 2FA, does not protect against this style of attack, as the session ID is generated after the strong authentication process is completed.

-- Recommendations --

Review the recommendations in the Citrix alert [2].

Until the product is upgraded, consider reviewing you remote access policy to restrict the use of the product in shared-access environments.

-- CVE --

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-0011 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardises names for security problems.

-- References --

[1] http://www.citrix.com/English/ps2/products/product.asp?contentID =15005 [2] http://support.citrix.com/article/CTX113814

-- Revision --

a. Initial release. b. Released.

-- Distribution --

The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Corsaire accepts no responsibility for any damage caused by the use or misuse of this information.

-- Disclaimer --

-- About Corsaire --

Corsaire are a leading information security consultancy, founded in 1997 in Guildford, Surrey, UK. Corsaire bring innovation, integrity and analytical rigour to every job, which means fast and dramatic security performance improvements. Our services centre on the delivery of information security planning, assessment, implementation, management and vulnerability research.

A free guide to selecting a security assessment supplier is available at http://www.penetration-testing.com

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session.

2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user.

3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site.

A redirection issue that may facilitate phishing attacks has also been reported.

SOLUTION: Apply hotfix and update firmware to version 4.5.5.

Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028

Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803

The vendor also recommends to remove the following components from client devices:

VPN ActiveX components: * Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2)

EPA Components (ActiveX): * npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0)

EPA Components (Firefox plugin): * npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations)

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Martin O\x92Neal, Corsaire. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston.

ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "access gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "access gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "access gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "access gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "advanced edition 4.5 hf1"
      },
      {
        "_id": null,
        "model": "advanced access control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "advanced access control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "access gateway standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "access gateway advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "advanced access control hf.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "_id": null,
        "model": "access gateway standard edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.5"
      },
      {
        "_id": null,
        "model": "access gateway advanced edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0011"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:citrix:access_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Martin O\u0027NealPaul Johnston",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0011",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2007-0011",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-23373",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-0011",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-0011",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200711-058",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-23373",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23373"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0011"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading \"residual information\", including the a referer log, browser history, or browser cache. \" Residual information \" Can be hijacked in the session. Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to:\n- Obtain sensitive information\n- Execute code remotely\n- Hijack sessions\n- Redirect users to arbitrary sites\n- Make unauthorized configuration changes\nCitrix has released patches for these vulnerabilities. \nNote: This is a belated release to the mailing lists (though most of the \ntracking services picked this up via the Citrix advisory)... \n\n\n-- History --\n\nDiscovered: 05.09.06 (Martin O\u0027Neal)\nVendor notified: 19.10.06\nDocument released: 20.07.07\n\n\n-- Overview --\n\nCitrix Access Gateways are described [1] as \"universal SSL VPN\nappliances providing a secure, always-on, single point-of-access to an\norganization\u0027s applications and data\". \n\nAmongst other features, the product provides a web portal to corporate\napplications and resources. \n\n\n-- Analysis --\n\nThe web portal interface incorporates a collection of .NET scripts,\nwhich utilise a session ID contained within cookies.  During the\nauthentication sequence the user session is redirected via a HTTP meta\nrefresh header in an HTML response.  The browser subsequently uses this\nwithin the next GET request (and the referer header field of the next\nHTTP request), placing the session ID in history files, and both client\nand server logs.  The use of the session ID within the HTML content is\nmade worse by the application not setting the HTTP cache control headers\nappropriately, which can lead to the HTML content being stored within\nthe local browser cache. \n\nWhere this is a particularly problem, is where the web portal is\naccessed from a shared or public access terminal, such as an Internet\nCaf,; the very environment that this type of solution is intended for. \n\nStrong authentication technology, such as SecurID 2FA, does not protect\nagainst this style of attack, as the session ID is generated after the\nstrong authentication process is completed. \n\n\n-- Recommendations --\n\nReview the recommendations in the Citrix alert [2]. \n\nUntil the product is upgraded, consider reviewing you remote access\npolicy to restrict the use of the product in shared-access environments. \n\n\n-- CVE --\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2007-0011 to this issue.  This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardises names for\nsecurity problems. \n\n\n-- References --\n\n[1] http://www.citrix.com/English/ps2/products/product.asp?contentID\n    =15005\n[2] http://support.citrix.com/article/CTX113814\n\n\n-- Revision -- \n\na. Initial release. \nb. Released. \n\n\n -- Distribution --\n\nThe information contained within this advisory is supplied \"as-is\" with\nno warranties or guarantees of fitness of use or otherwise. Corsaire\naccepts no responsibility for any damage caused by the use or misuse of\nthis information. \n\n\n-- Disclaimer --\n\nThe information contained within this advisory is supplied \"as-is\" with\nno warranties or guarantees of fitness of use or otherwise. Corsaire\naccepts no responsibility for any damage caused by the use or misuse of\nthis information. \n\n\n-- About Corsaire --\n\nCorsaire are a leading information security consultancy, founded in 1997\nin Guildford, Surrey, UK. Corsaire bring innovation, integrity and\nanalytical rigour to every job, which means fast and dramatic security\nperformance improvements. Our services centre on the delivery of\ninformation security planning, assessment, implementation, management\nand vulnerability research. \n\nA free guide to selecting a security assessment supplier is available at\nhttp://www.penetration-testing.com\n\n\nCopyright 2006-2007 Corsaire Limited. All rights reserved. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n1) A security issue due to residual information left on the client\ndevice can be exploited to gain unauthorized access to a user\\x92s\nactive session. \n\n2) Multiple unspecified errors in client components (Net6Helper.DLL\nand npCtxCAO.dll as ActiveX control and Firefox plugin) of Access\nGateway Standard and Advanced Editions can be exploited to execute\narbitrary code in context of the logged-in user. \n\n3) The web-based administration console of an Access Gateway\nappliance allows administrator to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. change certain configuration\nsettings, by enticing a logged-in administrator to visit a malicious\nweb site. \n\nA redirection issue that may facilitate phishing attacks has also\nbeen reported. \n\nSOLUTION:\nApply hotfix and update firmware to version 4.5.5. \n\nAccess Gateway Standard Edition 4.5:\nhttp://support.citrix.com/article/CTX114028\n\nAccess Gateway Advanced Edition 4.5:\nhttp://support.citrix.com/article/CTX112803\n\nThe vendor also recommends to remove the following components from\nclient devices:\n\nVPN ActiveX components:\n* Net6Helper.DLL (Friendly name: Net6Launcher Class, version number\nup to and including 4.5.2)\n\nEPA Components (ActiveX):\n* npCtxCAO.dll (Friendly name: CCAOControl Object, version number up\nto 4,5,0,0)\n\nEPA Components (Firefox plugin):\n* npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client,\npresent in two locations)\n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Martin O\\x92Neal, Corsaire. \n2) The vendor credits Michael White, Symantec. \n3) The vendor credits Paul Johnston. \n\nORIGINAL ADVISORY:\nhttp://support.citrix.com/article/CTX113814\nhttp://support.citrix.com/article/CTX113815\nhttp://support.citrix.com/article/CTX113816\nhttp://support.citrix.com/article/CTX113817\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      },
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23373"
      },
      {
        "db": "PACKETSTORM",
        "id": "60328"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0011",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "24975",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26143",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "45288",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2583",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018435",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20071022 CORSAIRE SECURITY ADVISORY - CITRIX ACCESS GATEWAY SESSION ID DISCLOSURE ISSUE",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "35510",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "60328",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-23373",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "57912",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23373"
      },
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      },
      {
        "db": "PACKETSTORM",
        "id": "60328"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0011"
      }
    ]
  },
  "id": "VAR-200711-0295",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23373"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:24:12.112000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "CTX113814",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/CTX113814"
      },
      {
        "title": "CTX112803",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/CTX112803"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23373"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0011"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.2,
        "url": "http://support.citrix.com/article/ctx113814"
      },
      {
        "trust": 1.8,
        "url": "http://support.citrix.com/article/ctx112803"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/24975"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/45288"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1018435"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26143"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/482626/100/100/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2583"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35510"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0011"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0011"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2583"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/35510"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/482626/100/100/threaded"
      },
      {
        "trust": 0.4,
        "url": "http://support.citrix.com/article/ctx113815"
      },
      {
        "trust": 0.4,
        "url": "http://support.citrix.com/article/ctx113816"
      },
      {
        "trust": 0.4,
        "url": "http://support.citrix.com/article/ctx113817"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/482626"
      },
      {
        "trust": 0.1,
        "url": "http://www.penetration-testing.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.citrix.com/english/ps2/products/product.asp?contentid"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0011"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org),"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6168/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26143/"
      },
      {
        "trust": 0.1,
        "url": "http://support.citrix.com/article/ctx114028"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23373"
      },
      {
        "db": "BID",
        "id": "24975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      },
      {
        "db": "PACKETSTORM",
        "id": "60328"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0011"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-23373",
        "ident": null
      },
      {
        "db": "BID",
        "id": "24975",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "60328",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "57912",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0011",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2007-11-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23373",
        "ident": null
      },
      {
        "date": "2007-07-19T00:00:00",
        "db": "BID",
        "id": "24975",
        "ident": null
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001315",
        "ident": null
      },
      {
        "date": "2007-10-23T03:57:48",
        "db": "PACKETSTORM",
        "id": "60328",
        "ident": null
      },
      {
        "date": "2007-07-21T02:11:22",
        "db": "PACKETSTORM",
        "id": "57912",
        "ident": null
      },
      {
        "date": "2007-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-058",
        "ident": null
      },
      {
        "date": "2007-11-05T17:46:00",
        "db": "NVD",
        "id": "CVE-2007-0011",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23373",
        "ident": null
      },
      {
        "date": "2016-07-05T22:00:00",
        "db": "BID",
        "id": "24975",
        "ident": null
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001315",
        "ident": null
      },
      {
        "date": "2007-11-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-058",
        "ident": null
      },
      {
        "date": "2024-11-21T00:24:46.070000",
        "db": "NVD",
        "id": "CVE-2007-0011",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Citrix Access Gateway of  Web Session hijack vulnerability in portal interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001315"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-058"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0011

Vulnerability from cvelistv5

gsd-2007-0011

Vulnerability from gsd

fkie_cve-2007-0011

Vulnerability from fkie_nvd

ghsa-ph74-68r2-9xmr

Vulnerability from github

var-200711-0295

Vulnerability from variot

Tags

Sightings

Nomenclature