NetScaler Web Management Interface IP Address Cookie Information Disclosure

medium Nessus Plugin ID 29221

Synopsis

The remote web server is prone to an information disclosure attack.

Description

It is possible to extract information about the remote Citrix NetScaler appliance obtained from the web management interface's session cookie, including the appliance's main IP address and software version.

Solution

None

See Also

https://www.securityfocus.com/archive/1/484182/100/0/threaded

Plugin Details

Severity: Medium

ID: 29221

File Name: netscaler_web_cookie_info.nasl

Version: 1.17

Type: remote

Family: Web Servers

Published: 12/6/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:citrix:netscaler

Required KB Items: www/netscaler, http/password

Reference Information

CVE: CVE-2007-6193

CWE: 200