CVE-2010-4566

Sažetak

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

Reference

http://securityreason.com/securityalert/8119
http://support.citrix.com/article/CTX127613
http://www.exploit-db.com/exploits/16916
http://www.osvdb.org/70099
http://www.securitytracker.com/id?1024893
http://www.vsecurity.com/resources/advisory/20101221-1

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

22-09-2011 - 03:26

Objavljeno

14-01-2011 - 23:00