Session ID Exposure in Citrix Access Gateway Prior to Advanced Edition 4.5 HF1
CVE-2007-0011

Currently unrated

Key Information:

Vendor
Citrix
Vendor
CVE Published:
5 November 2007

Summary

The Citrix Access Gateway's web portal interface fails to securely manage session identifiers by embedding them directly in the URL. This design flaw allows an attacker with access to logs, browser history, or cached information to expose sensitive session data, potentially leading to unauthorized access or session hijacking.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.