Man-in-the-Middle Vulnerability in Citrix XenMobile Server
CVE-2016-6877

5.3MEDIUM

Key Information:

Vendor

Citrix
Status
Xenmobile Server
Vendor
CVE Published:
5 May 2017

What is CVE-2016-6877?

Certain earlier versions of Citrix XenMobile Server expose a vulnerability that allows man-in-the-middle attackers to manipulate HTTP requests and trigger HTTP 302 redirections. This can be achieved through crafted HTTP Host headers and the use of cached pages, enabling attackers to redirect traffic intended for legitimate servers. Despite the vendor's assessment that exploitation requires a man-in-the-middle scenario against a TLS session, the implications of this vulnerability warrant careful consideration in configurations involving sensitive communications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/98341
vdb-entryx_refsource_BID
https://www.solutionary.com/threat-intelligence/vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.