CVE-2009-2453

Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.citrix.com/article/CTX118792	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1154	Patch Vendor Advisory
http://www.securityfocus.com/bid/34691	Patch
http://secunia.com/advisories/34865	Vendor Advisory
http://www.securitytracker.com/id?1022114	Patch
http://osvdb.org/53900

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:presentation_server:4.5:fp1::::::
	cpe:2.3:a:citrix:presentation_server:4.5:-:se:::::*
	cpe:2.3:a:citrix:presentation_server:4.5:-:windows_server_2003:::::*
	cpe:2.3:a:citrix:presentation_server:4.5:-:windows_server_2003_x64:::::*
	cpe:2.3:a:citrix:xenapp:4.5:fp3::::::

Information

Published : 2009-07-14 07:30

Updated : 2009-07-14 07:30

NVD link : CVE-2009-2453

Mitre link : CVE-2009-2453

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

citrix

presentation_server
xenapp

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.citrix.com/article/CTX118792", "name": "http://support.citrix.com/article/CTX118792", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/1154", "name": "ADV-2009-1154", "tags": ["Patch", "Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/34691", "name": "34691", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/34865", "name": "34865", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1022114", "name": "1022114", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/53900", "name": "53900", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-2453", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2009-07-14T14:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:citrix:presentation_server:4.5:fp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:presentation_server:4.5:-:se:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:presentation_server:4.5:-:windows_server_2003:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:presentation_server:4.5:-:windows_server_2003_x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:xenapp:4.5:fp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2009-07-14T14:30Z"}

7.5 /10