Summary
Detail | | | |
---|---|---|---|
Vendor | Citrix | First view | 2002-12-31 |
Product | Access Essentials | Last view | 2008-10-22 |
Version | | Type | Application |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
COMMON PLATFORM ENUMERATION: Distribution per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:* | 5 |
cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:* | 5 |
cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:* | 4 |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
6.8 | 2008-10-22 | CVE-2008-4676 | Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. |
6.5 | 2008-05-18 | CVE-2008-2300 | Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors. |
10 | 2008-01-18 | CVE-2008-0356 | Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513. |
10 | 2007-05-24 | CVE-2007-2850 | The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string. |
4.3 | 2002-12-31 | CVE-2002-2426 | Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
25% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
48642 | Citrix XenApp Unspecified Local Privilege Escalation |
45329 | Citrix Presentation Server Authenticated Unauthorized Desktop Session Access |
40860 | Citrix Presentation Server Independent Management Architecture (IMA) Service ... |
40859 | Citrix Multiple Products ICA Connection CSRF |
36651 | Citrix Multiple Products Session Reliability Service (XTE) Network Policy Bypass |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2008-T-0020 | Multiple Vulnerabilities in Citrix Presentation Server Severity: Category II - VMSKEY: V0016017 |
2008-T-0004 | Citrix Presentation Server IMA Service Buffer Overflow Vulnerability Severity: Category II - VMSKEY: V0015730 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Citrix MetaFrame IMA buffer overflow attempt RuleID : 13519 - Type : SERVER-OTHER - Revision : 9 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-30 | Name: The remote host has a virtualization application installed that is affected b... File: citrix_presentation_server_ctx114487.nasl - Type: ACT_GATHER_INFO |
2013-07-30 | Name: The remote host has a virtualization application installed that is affected b... File: citrix_presentation_server_ctx116289.nasl - Type: ACT_GATHER_INFO |