CVE-2002-0503

Name of the Vulnerable Software and Affected Versions Citrix NFuse version 1.5

Description A directory traversal issue exists, allowing remote authenticated users to read arbitrary files. This is achieved by using a .. (dot dot) in the NFuse Template parameter of the boilerplate.asp file.

Recommendations For Citrix NFuse version 1.5, consider restricting access to the boilerplate.asp file until a patch is available. As a temporary workaround, avoid using the NFuse Template parameter with untrusted input to minimize the risk of exploitation.