** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session.
References
Link | Resource |
---|---|
https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/ | Third Party Advisory |
http://www.securityfocus.com/bid/98341 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-05-05 13:29
Updated : 2017-06-26 18:29
NVD link : CVE-2016-6877
Mitre link : CVE-2016-6877
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
citrix
- xenmobile_server