CVE-2001-0908

high

Description

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7538

http://www.securityfocus.com/bid/3566

http://marc.info/?l=bugtraq&m=100638693315933&w=2

Details

Source: Mitre, NVD

Published: 2001-11-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

EPSS

EPSS: 0.0064