CVE-2002-2426

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt
http://secunia.com/advisories/27633	Vendor Advisory
http://support.citrix.com/article/CTX115245
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
http://www.securityfocus.com/bid/26451
http://www.securitytracker.com/id?1018962
http://www.vupen.com/english/advisories/2007/3870
http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt
http://secunia.com/advisories/27633	Vendor Advisory
http://support.citrix.com/article/CTX115245
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
http://www.securityfocus.com/bid/26451
http://www.securitytracker.com/id?1018962
http://www.vupen.com/english/advisories/2007/3870

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:access_essentials:1.0:::::::*
	cpe:2.3:a:citrix:access_essentials:1.5:::::::*
	cpe:2.3:a:citrix:access_essentials:2.0:::::::*
	cpe:2.3:a:citrix:metaframe_presentation_server:3.0:::::::*
	cpe:2.3:a:citrix:presentation_server:4.0:::::::*
	cpe:2.3:a:citrix:presentation_server:4.5:::::::*

History

20 Nov 2024, 23:43

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt -~~	() http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt -
References	~~() http://secunia.com/advisories/27633 - Vendor Advisory~~	() http://secunia.com/advisories/27633 - Vendor Advisory
References	~~() http://support.citrix.com/article/CTX115245 -~~	() http://support.citrix.com/article/CTX115245 -
References	~~() http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/ -~~	() http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/ -
References	~~() http://www.securityfocus.com/bid/26451 -~~	() http://www.securityfocus.com/bid/26451 -
References	~~() http://www.securitytracker.com/id?1018962 -~~	() http://www.securitytracker.com/id?1018962 -
References	~~() http://www.vupen.com/english/advisories/2007/3870 -~~	() http://www.vupen.com/english/advisories/2007/3870 -

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:43

NVD link : CVE-2002-2426

Mitre link : CVE-2002-2426

CVE.ORG link : CVE-2002-2426

JSON object : View

Products Affected

citrix

metaframe_presentation_server
access_essentials
presentation_server

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

4.3 /10