PT-2017-9041 · Citrix · Citrix Xenmobile Server

Published: 2017-05-05 · Updated: 2024-08-06 · CVE-2016-6877

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Citrix XenMobile Server versions prior to 10.5.0.24

Description: The issue allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. However, the vendor reports that their internal analysis concluded this was not a valid vulnerability because an exploitation scenario would involve a man-in-the-middle attack against a TLS session.

Recommendations: For versions prior to 10.5.0.24, update to version 10.5.0.24 or later to resolve the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers: CVE-2016-6877

Affected Products: Citrix Xenmobile Server