Session ID Exposure in Citrix Access Gateway Prior to Advanced Edition 4.5 HF1
CVE-2007-0011

Currently unrated

Key Information:

Vendor: Citrix
Status: Access Gateway
Vendor: CVE Published:; 5 November 2007

Summary

The Citrix Access Gateway's web portal interface fails to securely manage session identifiers by embedding them directly in the URL. This design flaw allows an attacker with access to logs, browser history, or cached information to expose sensitive session data, potentially leading to unauthorized access or session hijacking.

References

http://www.vupen.com/english/advisories/2007/2583

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26143

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/24975

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 5, 2007
Vulnerability Reserved
Jan 1, 2007