Citrix Secure Gateway Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1022420 |
|
SecurityTracker URL: http://securitytracker.com/id/1022420
|
|
CVE Reference:
CVE-2009-2214
(Links to External Site)
|
Updated: Jan 6 2010
|
Original Entry Date: Jun 18 2009
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.1 and prior versions
|
Description:
A vulnerability was reported in Citrix Secure Gateway. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to the target server to cause excessive CPU consumption on the target server. The target server may also refuse any further connections.
The Citrix Access Gateway appliance is not affected when configured to act as a Citrix Secure Gateway.
The Qualys Vulnerability Research team reported this vulnerability.
|
Impact:
A remote user can cause denial of service conditions.
|
Solution:
The vendor has issued a hot fix.
Citrix Secure Gateway 3.1:
EN - http://support.citrix.com/article/CTX121012
JA - http://support.citrix.com/article/CTX121013
Citrix Secure Gateway 3.0:
EN - http://support.citrix.com/article/CTX121844
JA - http://support.citrix.com/article/CTX121845
The vendor's advisory is available at:
http://support.citrix.com/article/CTX121172
|
Vendor URL: support.citrix.com/article/CTX121172 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 18 Jun 2009 04:51:06 -0400
Subject: Vulnerability in Citrix Secure Gateway could result in Denial of Service
|
http://support.citrix.com/article/CTX121172
|
|
