CVE-2007-0011
Published: Nov 5, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| ADV-2007-2583 | vdb-entry, x_refsource_VUPEN |
| 26143 | third-party-advisory, x_refsource_SECUNIA |
| 24975 | vdb-entry, x_refsource_BID |
| 45288 | vdb-entry, x_refsource_OSVDB |
| 1018435 | vdb-entry, x_refsource_SECTRACK |
| citrix-access-unspeci-information-disclosure(35510) | vdb-entry, x_refsource_XF |
| http://support.citrix.com/article/CTX112803 | x_refsource_CONFIRM |
| 20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue | mailing-list, x_refsource_BUGTRAQ |
| http://support.citrix.com/article/CTX113814 | x_refsource_CONFIRM |