Citrix NFuse Server launch.asp Arbitrary Server/Port Redirect
Severity: Medium
Nessus Plugin ID: 11892
Synopsis

The remote web server has an information disclosure vulnerability.

Description

The remote Citrix NFuse web server has a flaw that lets any anonymous user force the server to redirect to an arbitrary IP address and port. Among other things, an external attacker can use this flaw to turn the Citrix server into a rudimentary port scanner against either another network or the internal network of which the Citrix server is a part.

Solution

Place your Citrix server behind a reverse proxy or authenticating firewall.