CVE-2002-2426

Sažetak

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

Reference

http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt
http://secunia.com/advisories/27633
http://support.citrix.com/article/CTX115245
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
http://www.securityfocus.com/bid/26451
http://www.securitytracker.com/id?1018962
http://www.vupen.com/english/advisories/2007/3870

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-03-2011 - 02:11

Objavljeno

31-12-2002 - 05:00