CVE-2016-6877

5.3MEDIUM

Key Information:

Vendor: Citrix
Status: Xenmobile Server
Vendor: CVE Published:; 5 May 2017

Summary

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session

References

http://www.securityfocus.com/bid/98341

vdb-entryx_refsource_BID

https://www.solutionary.com/threat-intelligence/vulnerabi...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2017
Vulnerability Reserved
Aug 18, 2016

Collectors

NVD DatabaseMitre Database