Man-in-the-Middle Vulnerability in Citrix XenMobile Server
CVE-2016-6877

5.3 MEDIUM

Key Information:

Vendor:
Citrix
CVE Published:
5 May 2017

Summary

Certain earlier versions of Citrix XenMobile Server contain a vulnerability that allows a man-in-the-middle attacker to manipulate HTTP requests and trigger HTTP 302 redirections. The attacker supplies a crafted HTTP Host header, and because the resulting redirect page can be cached, traffic intended for the legitimate server can be sent to an attacker-chosen destination. The vendor's assessment is that exploitation requires a man-in-the-middle position against a TLS session; even so, the impact of this vulnerability warrants careful consideration in deployments that carry sensitive communications.

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
