CVE-2009-3936

Name of the Vulnerable Software and Affected Versions Citrix Online Plug-in for Windows versions 11.0.x through 11.0.149 Citrix Online Plug-in for Windows versions 11.x through 11.1 Citrix Online Plug-in for Mac version 11.0 and earlier Citrix Receiver for iPhone versions prior to 1.0.3 ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop (affected versions not specified)

Description The issue allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate.

Recommendations For Citrix Online Plug-in for Windows versions 11.0.x through 11.0.149, update to version 11.0.150 or later. For Citrix Online Plug-in for Windows versions 11.x through 11.1, update to version 11.2 or later. For Citrix Online Plug-in for Mac version 11.0 and earlier, update to a version later than 11.0. For Citrix Receiver for iPhone versions prior to 1.0.3, update to version 1.0.3 or later. For ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop, at the moment, there is no information about a newer version that contains a fix for this vulnerability.