Session ID Exposure in Citrix Access Gateway Prior to Advanced Edition 4.5 HF1
CVE-2007-0011
Currently unrated
Summary
The Citrix Access Gateway's web portal interface fails to securely manage session identifiers by embedding them directly in the URL. This design flaw allows an attacker with access to logs, browser history, or cached information to expose sensitive session data, potentially leading to unauthorized access or session hijacking.
References
Timeline
Vulnerability published
Vulnerability Reserved