Lucene search

[email protected]NVD:CVE-2002-2426

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2426

2002-12-3105:00:00

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.006

Percentile

79.2%

JSON

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

citrixaccess_essentialsMatch1.0

citrixaccess_essentialsMatch1.5

citrixaccess_essentialsMatch2.0

citrixmetaframe_presentation_serverMatch3.0

citrixpresentation_serverMatch4.0

citrixpresentation_serverMatch4.5

VendorProductVersionCPE
citrixaccess_essentials1.0cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*
citrixaccess_essentials1.5cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*
citrixaccess_essentials2.0cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*
citrixmetaframe_presentation_server3.0cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*
citrixpresentation_server4.0cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*
citrixpresentation_server4.5cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
citrix	access_essentials	1.0	cpe:2.3:a:citrix:access_essentials:1.0:::::::*
citrix	access_essentials	1.5	cpe:2.3:a:citrix:access_essentials:1.5:::::::*
citrix	access_essentials	2.0	cpe:2.3:a:citrix:access_essentials:2.0:::::::*
citrix	metaframe_presentation_server	3.0	cpe:2.3:a:citrix:metaframe_presentation_server:3.0:::::::*
citrix	presentation_server	4.0	cpe:2.3:a:citrix:presentation_server:4.0:::::::*
citrix	presentation_server	4.5	cpe:2.3:a:citrix:presentation_server:4.5:::::::*

References

packetstormsecurity.org/0210-exploits/hackingcitrix.txt

secunia.com/advisories/27633

support.citrix.com/article/CTX115245

www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/

www.securityfocus.com/bid/26451

www.securitytracker.com/id?1018962

www.vupen.com/english/advisories/2007/3870

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.006

Percentile

79.2%

JSON

Related for NVD:CVE-2002-2426

cve1 cvelist1