Path Disclosure Vulnerability in Citrix Nfuse 1.51
CVE-2001-0760

Currently unrated

Key Information:

Vendor: Citrix
Status: Nfuse
Vendor: CVE Published:; 18 October 2001

Summary

Citrix Nfuse version 1.51 is vulnerable to a path disclosure issue that allows remote attackers to exposure sensitive information. By sending a specially crafted request to the 'launch.asp' file without a session field, attackers can obtain the absolute path of the web root. This vulnerability can potentially aid malicious actors in formulating further attacks against the system.

References

http://www.securityfocus.com/bid/2956

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/6786

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/194449

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Oct 18, 2001
Vulnerability Reserved
Oct 12, 2001