Citrix NFuse Server launch.asp Arbitrary Server/Port Redirect

medium Nessus Plugin ID 11892

Synopsis

The remote web server has an information disclosure vulnerability.

Description

The remote Citrix NFuse web server has a flaw that lets any anonymous user force the server to redirect to an arbitrary IP address and port. Among other things, an external attacker can use this flaw to turn the Citrix server into a rudimentary port scanner, either against another network or against the internal network of which the Citrix server is a part.

Solution

Place your Citrix server behind a reverse proxy or authenticating firewall.

See Also

https://seclists.org/vuln-dev/2003/Oct/28

Plugin Details

Severity: Medium

ID: 11892

File Name: citrix_redirect.nasl

Version: 1.21

Type: remote

Family: Web Servers

Published: 10/16/2003

Updated: 3/6/2019

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:citrix:nfuse

Required KB Items: www/ASP