Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0908

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0908
Last Modified 05 Sep 2008 04:25:12
Published 21 Nov 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0908

Summary

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

Vulnerable Systems

Application

  • Citrix Metaframe 1.8


References

XF - win-terminal-spoof-address(7538)

BID - 3566

BUGTRAQ - 20011121 CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability


Last Updated: 27 May 2016 10:36:26