Lucene search

[email protected]CVE-2008-6830

HistoryJun 08, 2009 - 7:30 p.m.

CVE-2008-6830

2009-06-0819:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2008-6830

citrix

web interface

java application servers

session termination

security vulnerability

7.5 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

69.3%

JSON

The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user’s web interface session, which allows attackers with access to the same browser instance to gain access to the user’s Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface.

CPENameOperatorVersion
citrix:web_interfacecitrix web interfaceeq5.0
citrix:web_interfacecitrix web interfaceeq5.0.1

CPE	Name	Operator	Version
citrix:web_interface	citrix web interface	eq	5.0
citrix:web_interface	citrix web interface	eq	5.0.1

References

osvdb.org/49387

secunia.com/advisories/32444

support.citrix.com/article/CTX118768

www.securityfocus.com/bid/31943

www.securitytracker.com/id?1021110

www.vupen.com/english/advisories/2008/2946

exchange.xforce.ibmcloud.com/vulnerabilities/46135

7.5 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for CVE-2008-6830

prion1 cvelist1