CVE-2002-2426
CVSS Score: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Description
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Medium
Confidentiality
None
Integrity
Partial
Availability
None
Affected Software Configurations
- cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*
Weaknesses (CWE)
- CWE-352
References & External Links
- http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt
- http://secunia.com/advisories/27633
- http://support.citrix.com/article/CTX115245
- http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
- http://www.securityfocus.com/bid/26451
- http://www.securitytracker.com/id?1018962
- http://www.vupen.com/english/advisories/2007/3870
CVE History Timeline
Jan 02, 2008 18:37
Initial Analysis
May 14, 2024 01:23
CVE Modified
Nov 20, 2024 23:43
CVE Modified