CVE-2002-2426

Currently unrated

Key Information:

Vendor: Citrix
Status: Access Essentials; Metaframe Presentation Server; Presentation Server
Vendor: CVE Published:; 31 December 2002

Summary

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

References

http://www.securitytracker.com/id?1018962

vdb-entryx_refsource_SECTRACK

http://packetstormsecurity.org/0210-exploits/hackingcitri...

x_refsource_MISC

http://support.citrix.com/article/CTX115245

x_refsource_CONFIRM

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Nov 19, 2007
Vulnerability published
Dec 31, 2002

Collectors

NVD DatabaseMitre Database