Man-in-the-Middle Vulnerability in Citrix XenMobile Server
CVE-2016-6877
5.3 MEDIUM
Summary
Certain earlier versions of Citrix XenMobile Server build HTTP 302 redirect responses from the client-supplied HTTP Host header. A man-in-the-middle attacker who can modify requests in transit can send a crafted Host header so that the server answers with a 302 whose Location points at an attacker-chosen host; when that response is served from cache, other clients requesting the same page are redirected away from the legitimate server as well. The vendor's position is that exploitation requires an active man-in-the-middle against the TLS session, which is reflected in the High attack complexity and the integrity-only impact of the CVSS score below. The issue still warrants attention wherever the server handles sensitive traffic, since an attacker-controlled redirect is a direct route to intercepting it.
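The pattern described above, shown as an added example that is not Citrix code: a redirect builder that trusts the Host header, the hardened form that checks it against an allowlist, and two checks a tester can run over a captured request and response (does the Location point off-site, and would a shared cache keep it). The hostnames, the `/login` path and the request bytes are constructed for the example.

```python
"""
Host-header-driven 302 redirects: a vulnerable construction beside a hardened one,
plus checks for an off-site Location and for whether the redirect would be cached.
Added example with constructed inputs; hostnames and paths are assumptions.
"""
from urllib.parse import urlsplit

CANONICAL_HOST = "mdm.example.com"      # assumed canonical hostname of the server
ALLOWED_HOSTS = {CANONICAL_HOST}        # any Host value outside this set is untrusted


def parse_request(raw: bytes):
    """Minimal HTTP/1.x request parser: returns (method, target, headers) with lower-cased header names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def host_name(host_header: str) -> str:
    """Lower-cased hostname with any port removed, or '' if the value does not parse as a host."""
    try:
        return urlsplit("//" + host_header).hostname or ""
    except ValueError:          # e.g. an unbalanced IPv6 bracket
        return ""


def vulnerable_redirect(headers: dict, target: str) -> str:
    """Builds the absolute Location from whatever Host the client supplied (the pattern behind this CVE)."""
    return f"https://{headers.get('host', CANONICAL_HOST)}{target}"


def hardened_redirect(headers: dict, target: str) -> str:
    """Uses the client's Host only when it is on the allowlist, otherwise the canonical name.
    The path is preserved but the attacker's host never reaches the Location header,
    so a cached copy cannot redirect later users off-site."""
    name = host_name(headers.get("host", ""))
    host = name if name in ALLOWED_HOSTS else CANONICAL_HOST
    return f"https://{host}{target}"


def redirect_is_poisoned(location: str) -> bool:
    """True if a Location header points at a host outside the allowlist."""
    return (urlsplit(location).hostname or "") not in ALLOWED_HOSTS


def redirect_is_cacheable(response_headers: dict) -> bool:
    """Approximates whether a shared cache may store the 302: no 'no-store'/'private'
    directive and explicit freshness (max-age, s-maxage or Expires). A 302 has no
    heuristic freshness, so without explicit freshness a cache will not retain it."""
    cc = response_headers.get("cache-control", "").lower()
    directives = {d.strip().split("=")[0] for d in cc.split(",") if d.strip()}
    if directives & {"no-store", "private"}:
        return False
    return bool(directives & {"max-age", "s-maxage"}) or "expires" in response_headers


# Constructed attacker request: the path is legitimate, only the Host header is attacker-controlled.
ATTACK_REQUEST = (
    b"GET /login HTTP/1.1\r\n"
    b"Host: attacker.example:8443\r\n"
    b"User-Agent: curl/7.50\r\n\r\n"
)


def demo():
    """Runs the constructed request through both builders and flags the poisoned Location."""
    _method, target, headers = parse_request(ATTACK_REQUEST)
    weak = vulnerable_redirect(headers, target)
    fixed = hardened_redirect(headers, target)
    return weak, fixed, redirect_is_poisoned(weak), redirect_is_poisoned(fixed)


if __name__ == "__main__":
    print(demo())
```

The allowlist comparison works on the parsed hostname, so `MDM.example.com:443` is accepted as the canonical host while `attacker.example:8443` is not; a string comparison on the raw header would reject the former and is a common source of false alarms when hardening this code.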
References
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved