AI Score: 6.7 Medium (Confidence: Low)
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.007 Low (Percentile: 79.2%)
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading “residual information”, including a referer log, browser history, or browser cache.
CPE

Name | Operator | Version |
---|---|---|
access_gateway | eq | 4.2 |
access_gateway | eq | 4.0 |
access_gateway | eq | 4.5 standard |
access_gateway | eq | 4.5 advanced |
osvdb.org/45288
secunia.com/advisories/26143
securitytracker.com/id?1018435
support.citrix.com/article/CTX112803
support.citrix.com/article/CTX113814
www.securityfocus.com/archive/1/482626/100/100/threaded
www.securityfocus.com/bid/24975
www.vupen.com/english/advisories/2007/2583
exchange.xforce.ibmcloud.com/vulnerabilities/35510