Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2002-2426
Last Modified: 07 Mar 2011 09:11:55
Published: 31 Dec 2002 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2002-2426

Summary

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Citrix Access Essentials 1.0

  • Citrix Access Essentials 1.5

  • Citrix Access Essentials 2.0

  • Citrix MetaFrame Presentation Server 3.0

  • Citrix Presentation Server 4.0

  • Citrix Presentation Server 4.5


References

VUPEN - ADV-2007-3870

SECTRACK - 1018962

BID - 26451

CONFIRM - http://support.citrix.com/article/CTX115245

SECUNIA - 27633

MISC - http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt


Last Updated: 27 May 2016 10:37:44