CVE-2002-2426
Summary
| CVE | CVE-2002-2426 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-12-31 05:00:00 UTC |
| Updated | 2011-03-08 02:11:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Citrix | Access Essentials | 1.0 | All | All | All |
| Application | Citrix | Access Essentials | 1.5 | All | All | All |
| Application | Citrix | Access Essentials | 2.0 | All | All | All |
| Application | Citrix | Metaframe Presentation Server | 3.0 | All | All | All |
| Application | Citrix | Presentation Server | 4.0 | All | All | All |
| Application | Citrix | Presentation Server | 4.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Citrix Presentation Server Published Application Execution Weakness - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| CTX115245 - Vulnerability in Citrix Presentation Server could result in unauthorized code execution - Citrix Knowledge Center | CONFIRM | support.citrix.com | |
| CITRIX: Owning the Legitimate Backdoor \| GNUCITIZEN | MISC | www.gnucitizen.org | |
| Files ≈ Packet Storm | MISC | packetstormsecurity.org | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| Citrix Presentation Server Published Application Information May Let Remote Users Execute Arbitrary Commands - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Citrix Presentation Server Remote Unauthorized Code Execution Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.