Citrix NFuse Server launch.asp Arbitrary Server/Port Redirect

Medium Nessus Plugin ID 11892


The remote web server has an information disclosure vulnerability.


The remote Citrix NFuse web server is affected by a bug that lets any anonymous user force the server to redirect to an arbitrary IP address and port. Among other things, this flaw can allow an external attacker to use the Citrix server as a rudimentary port scanner against either another network or the internal network of which the Citrix server is a part.


Place your Citrix server behind a reverse proxy or authenticating firewall.

Plugin Details

Severity: Medium

ID: 11892

File Name: citrix_redirect.nasl

Version: $Revision: 1.18 $

Type: remote

Family: Web Servers

Published: 2003/10/16

Modified: 2016/11/15

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:citrix:nfuse

Required KB Items: www/ASP

Reference Information

OSVDB: 50623