Man-in-the-Middle Vulnerability in Citrix XenMobile Server
CVE-2016-6877

5.3MEDIUM

Key Information:

Vendor: Citrix
Status: Xenmobile Server
Vendor: CVE Published:; 5 May 2017

Summary

Certain earlier versions of Citrix XenMobile Server expose a vulnerability that allows man-in-the-middle attackers to manipulate HTTP requests and trigger HTTP 302 redirections. This can be achieved through crafted HTTP Host headers and the use of cached pages, enabling attackers to redirect traffic intended for legitimate servers. Despite the vendor's assessment that exploitation requires a man-in-the-middle scenario against a TLS session, the implications of this vulnerability warrant careful consideration in configurations involving sensitive communications.

References

http://www.securityfocus.com/bid/98341

vdb-entryx_refsource_BID

https://www.solutionary.com/threat-intelligence/vulnerabi...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2017
Vulnerability Reserved
Aug 18, 2016