CSRF Vulnerability in Citrix Presentation Server and MetaFrame Server
CVE-2002-2426

Currently unrated

Key Information:

Vendor: Citrix
Status: Access Essentials; Metaframe Presentation Server; Presentation Server
Vendor: CVE Published:; 31 December 2002

Summary

A cross-site request forgery vulnerability exists in Citrix Presentation Server and related products that allows remote attackers to leverage the InitialProgram key in an ICA connection. By executing arbitrary published applications under the context of an authenticated user, attackers can potentially gain unauthorized access to sensitive data or execute unintended commands. This vulnerability impacts Citrix Presentation Server versions 4.0 and 4.5, along with MetaFrame Presentation Server 3.0, and Access Essentials versions 1.0 through 2.0. Users are advised to review the configurations and apply necessary security measures to mitigate this risk.

References

http://www.securitytracker.com/id?1018962

vdb-entryx_refsource_SECTRACK

http://packetstormsecurity.org/0210-exploits/hackingcitri...

x_refsource_MISC

http://support.citrix.com/article/CTX115245

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Nov 19, 2007
Vulnerability published
Dec 31, 2002