Lucene search

MitreCVE-2002-2426

HistoryNov 20, 2007 - 12:00 a.m.

CVE-2002-2426

2007-11-2000:00:00

CWE-352

mitre

web.nvd.nist.gov

cve-2002-2426

cross-site request forgery

csrf

citrix presentation server

metaframe presentation server

access essentials

ica connection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.9

Confidence

Low

EPSS

0.006

Percentile

79.2%

JSON

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

citrixaccess_essentialsMatch1.0

citrixaccess_essentialsMatch1.5

citrixaccess_essentialsMatch2.0

citrixmetaframe_presentation_serverMatch3.0

citrixpresentation_serverMatch4.0

citrixpresentation_serverMatch4.5

VendorProductVersionCPE
citrixaccess_essentials1.0cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*
citrixaccess_essentials1.5cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*
citrixaccess_essentials2.0cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*
citrixmetaframe_presentation_server3.0cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*
citrixpresentation_server4.0cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*
citrixpresentation_server4.5cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
citrix	access_essentials	1.0	cpe:2.3:a:citrix:access_essentials:1.0:::::::*
citrix	access_essentials	1.5	cpe:2.3:a:citrix:access_essentials:1.5:::::::*
citrix	access_essentials	2.0	cpe:2.3:a:citrix:access_essentials:2.0:::::::*
citrix	metaframe_presentation_server	3.0	cpe:2.3:a:citrix:metaframe_presentation_server:3.0:::::::*
citrix	presentation_server	4.0	cpe:2.3:a:citrix:presentation_server:4.0:::::::*
citrix	presentation_server	4.5	cpe:2.3:a:citrix:presentation_server:4.5:::::::*

References

packetstormsecurity.org/0210-exploits/hackingcitrix.txt

secunia.com/advisories/27633

support.citrix.com/article/CTX115245

www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/

www.securityfocus.com/bid/26451

www.securitytracker.com/id?1018962

www.vupen.com/english/advisories/2007/3870

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.9

Confidence

Low

EPSS

0.006

Percentile

79.2%

JSON

Related for CVE-2002-2426