PT-2007-1510 · Citrix · Citrix Access Gateway

Published

2007-11-05

Updated

2018-10-16

CVE-2007-0011

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Citrix Access Gateway versions prior to Advanced Edition 4.5 HF1

Description The issue affects the web portal interface, allowing context-dependent attackers to hijack sessions by reading residual information, including referer logs, browser history, or browser cache, due to the session ID being placed in the URL.

Recommendations For versions prior to Advanced Edition 4.5 HF1, update to Advanced Edition 4.5 HF1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and clearing browser history and cache regularly to minimize the risk of session hijacking.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2007-0011

Affected Products

Citrix Access Gateway

PT-2007-1510 · Citrix · Citrix Access Gateway

CVE-2007-0011

Weakness Enumeration

Related Identifiers

Affected Products

References · 11