Session Management Flaw in Citrix Web Interface for Java Application Servers
CVE-2008-6830

Currently unrated

Key Information:

Vendor: Citrix
Status: Web Interface
Vendor: CVE Published:; 8 June 2009

Summary

The Citrix Web Interface versions 5.0 and 5.0.1 for Java Application Servers have a session management flaw that fails to properly terminate user sessions. This gives attackers who have valid credentials an opportunity to exploit active sessions if they share the same browser instance. Effectively, this weakens the security posture of the application, allowing unauthorized access to sensitive information and resources. It is crucial for users to ensure proper session handling to avoid potential breaches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46135

vdb-entryx_refsource_XF

http://osvdb.org/49387

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2008/2946

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Jun 8, 2009
Vulnerability Reserved
Jun 8, 2009