CVE Vulnerability

CVE-2008-6830

The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 4.9 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.vupen.com/english/advisories/2008/2946 Patch Vendor Advisory
http://www.securityfocus.com/bid/31943
http://www.securitytracker.com/id?1021110
http://secunia.com/advisories/32444 Vendor Advisory
http://osvdb.org/49387 Patch
http://support.citrix.com/article/CTX118768 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46135
Configurations

Configuration 1

cpe:2.3:a:citrix:web_interface:5.0:*:java_application_server:*:*:*:*:*
cpe:2.3:a:citrix:web_interface:5.0.1:*:java_application_server:*:*:*:*:*
Information

Published : 2009-06-08 07:30

Updated : 2017-08-17 01:29

NVD link : CVE-2008-6830

Mitre link : CVE-2008-6830

Products Affected

Citrix

CWE
NVD-CWE-Other