Citrix XenApp/XenDesktop Multiple Code Execution Vulnerabilities (credentialed check)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is running an XML service that is affected by
multiple code execution vulnerabilities.

Description :

The remote Windows host has the Citrix XML Service, a component of
Citrix XenApp and XenDesktop, installed. According to its version
number, the Citrix XML service installed on the remote host is
affected by multiple code execution vulnerabilities when handling
specially crafted HTTP POST requests.

See also :

http://seclists.org/bugtraq/2011/Jul/224
http://seclists.org/bugtraq/2011/Jul/225
http://support.citrix.com/article/CTX129430

Solution :

Apply the relevant vendor-supplied patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 56282 ()

Bugtraq ID: 48898

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now