SecurityTracker.com
Category:   Application (Generic)  >   Citrix Web Interface
Vendors:   Citrix
Citrix Web Interface Session Disconnect Bug Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1021110
SecurityTracker URL:  http://securitytracker.com/id/1021110
CVE Reference:   CVE-2008-6830
Updated:  Jun 11 2009
Original Entry Date:  Oct 28 2008
Impact:   User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0, 5.0.1
Description:   A vulnerability was reported in Citrix Web Interface for Java Application Servers. A local user can obtain elevated privileges in certain cases.

The disconnection process does not properly terminate a user's Web Interface session. A local user with access to an active web browser that was previously authenticated can access the Web Interface session.

Versions of Web Interface for Java Application Servers prior to 5.0 are not affected.

Versions of Web Interface for Microsoft Internet Information Services are not affected.

Impact:   A local user with access to an active web browser that was previously authenticated can access the Web Interface session.
Solution:   The vendor has issued a fix (5.0.2 for Java Application Servers).

The vendor's advisory is available at:

http://support.citrix.com/article/CTX118768

Vendor URL:  support.citrix.com/article/CTX118768
Cause:   Authentication error, State error
Underlying OS:  Windows (2000), Windows (2003)

Message History:   None.

