Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6830

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2008-6830
Last Modified 09 Jun 2009 12:00:00
Published 08 Jun 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-6830

Summary

The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface.

Vulnerable Systems

Application

  • Citrix Web Interface 5.0

  • Citrix Web Interface 5.0.1


References

VUPEN - ADV-2008-2946

CONFIRM - http://support.citrix.com/article/CTX118768

OSVDB - 49387

XF - citrix-webinterface-security-bypass(46135)

SECTRACK - 1021110

BID - 31943

SECUNIA - 32444


Last Updated: 27 May 2016 10:49:22