cvelistv5 - cve-2007-2850

CVE-2007-2850 (GCVE-0-2007-2850)

Vulnerability from cvelistv5

Published

2007-05-24 18:00

Modified

2024-08-07 13:57

Severity ?

CWE

Summary

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.

References

►

URL

Tags

cve@mitre.org	http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
cve@mitre.org	http://secunia.com/advisories/25371	Patch, Vendor Advisory
cve@mitre.org	http://support.citrix.com/article/CTX112964
cve@mitre.org	http://www.securitytracker.com/id?1018098
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1918
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34448
af854a3a-2127-422b-91ae-364da2661108	http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25371	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX112964
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018098
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1918
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34448

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:53.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "citrix-session-security-bypass(34448)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
          },
          {
            "name": "25371",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25371"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX112964"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
          },
          {
            "name": "ADV-2007-1918",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1918"
          },
          {
            "name": "1018098",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018098"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "citrix-session-security-bypass(34448)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
        },
        {
          "name": "25371",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25371"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX112964"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
        },
        {
          "name": "ADV-2007-1918",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1918"
        },
        {
          "name": "1018098",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018098"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2850",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "citrix-session-security-bypass(34448)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
            },
            {
              "name": "25371",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25371"
            },
            {
              "name": "http://support.citrix.com/article/CTX112964",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX112964"
            },
            {
              "name": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf",
              "refsource": "MISC",
              "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
            },
            {
              "name": "ADV-2007-1918",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1918"
            },
            {
              "name": "1018098",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018098"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2850",
    "datePublished": "2007-05-24T18:00:00",
    "dateReserved": "2007-05-24T00:00:00",
    "dateUpdated": "2024-08-07T13:57:53.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2850\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-05-24T18:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.\"},{\"lang\":\"es\",\"value\":\"El Session Reliability Service (XTE) del Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0 y Access Essentials 1.0 y 1.5, permite a atacantes remotos evitar las pol\u00edticas de seguridad de la red y conectarse a puertos TCP de su elecci\u00f3n a trav\u00e9s de una cadena address:port modificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF9F197-991D-4920-BE9A-2E3495E76CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21B89150-1806-481D-B0D9-FD37BA4798D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2000:*:*:*:*:*\",\"matchCriteriaId\":\"0C88F86F-F07D-4C17-B5D5-EC8F1A69A65A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2003:*:*:*:*:*\",\"matchCriteriaId\":\"5B4DBD3F-254D-4C25-9D7E-ECDEF7AED8BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:metaframe:3.0:*:x64_edition:*:*:*:*:*\",\"matchCriteriaId\":\"950A42AA-2FF6-4C8C-84A3-E4623D5258AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:metaframe:4.0:*:microsoft_windows_2000:*:*:*:*:*\",\"matchCriteriaId\":\"CA262BAB-EFDB-4498-85CF-592517FC836D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:metaframe:4.0:*:microsoft_windows_2003:*:*:*:*:*\",\"matchCriteriaId\":\"DF0B55D1-F942-4B6B-84AB-195A462B3119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:metaframe:4.0:*:x64_edition:*:*:*:*:*\",\"matchCriteriaId\":\"048974DF-1A85-42F5-BD08-8B2D991B411E\"}]}]}],\"references\":[{\"url\":\"http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25371\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.citrix.com/article/CTX112964\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018098\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1918\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34448\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.citrix.com/article/CTX112964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"The vendor has addressed this issue with the following product updates:\\r\\n\\r\\nMetaFrame Presentation Server 3.0 for Windows 2000 Server:\\r\\nEN - http://support.citrix.com/article/CTX112818\\r\\nFR - http://support.citrix.com/article/CTX112821\\r\\nDE - http://support.citrix.com/article/CTX112819\\r\\nJA - http://support.citrix.com/article/CTX112820\\r\\nES - http://support.citrix.com/article/CTX112822\\r\\n\\r\\nMetaFrame Presentation Server 3.0 for Windows Server 2003:\\r\\nEN - http://support.citrix.com/article/CTX112813\\r\\nFR - http://support.citrix.com/article/CTX112816\\r\\nDE - http://support.citrix.com/article/CTX112814\\r\\nJA - http://support.citrix.com/article/CTX112815\\r\\nES - http://support.citrix.com/article/CTX112817\\r\\n\\r\\nCitrix Presentation Server 4.0 for Windows 2000 Server:\\r\\nEN - http://support.citrix.com/article/CTX112844\\r\\nFR - http://support.citrix.com/article/CTX112847\\r\\nDE - http://support.citrix.com/article/CTX112845\\r\\nJA - http://support.citrix.com/article/CTX112848\\r\\nES - http://support.citrix.com/article/CTX112846\\r\\n\\r\\nCitrix Presentation Server 4.0 for Windows Server 2003:\\r\\nEN - http://support.citrix.com/article/CTX112839\\r\\nFR - http://support.citrix.com/article/CTX112842\\r\\nDE - http://support.citrix.com/article/CTX112840\\r\\nJA - http://support.citrix.com/article/CTX112843\\r\\nES - http://support.citrix.com/article/CTX112841\\r\\n\\r\\nCitrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:\\r\\nEN - http://support.citrix.com/article/CTX112886\\r\\nFR - http://support.citrix.com/article/CTX112887\\r\\nDE - http://support.citrix.com/article/CTX112888\\r\\nJA - http://support.citrix.com/article/CTX112890\\r\\nES - http://support.citrix.com/article/CTX112889\\r\\n\\r\\nCitrix Access Essentials 1.0:\\r\\nEN - http://support.citrix.com/article/CTX112839\\r\\nFR - http://support.citrix.com/article/CTX112842\\r\\nDE - http://support.citrix.com/article/CTX112840\\r\\nES - http://support.citrix.com/article/CTX112841\\r\\n\\r\\nCitrix Access Essentials 1.5:\\r\\nEN - http://support.citrix.com/article/CTX112839\\r\\nFR - http://support.citrix.com/article/CTX112842\\r\\nDE - http://support.citrix.com/article/CTX112840\\r\\nES - http://support.citrix.com/article/CTX112841\\r\\n\"}}"
  }
}

fkie_cve-2007-2850

Vulnerability from fkie_nvd

Published

2007-05-24 18:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
cve@mitre.org	http://secunia.com/advisories/25371	Patch, Vendor Advisory
cve@mitre.org	http://support.citrix.com/article/CTX112964
cve@mitre.org	http://www.securitytracker.com/id?1018098
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1918
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34448
af854a3a-2127-422b-91ae-364da2661108	http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25371	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX112964
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018098
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1918
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34448

Impacted products

Vendor	Product	Version
citrix	access_essentials	1.0
citrix	access_essentials	1.5
citrix	metaframe	3.0
citrix	metaframe	3.0
citrix	metaframe	3.0
citrix	metaframe	4.0
citrix	metaframe	4.0
citrix	metaframe	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2000:*:*:*:*:*",
              "matchCriteriaId": "0C88F86F-F07D-4C17-B5D5-EC8F1A69A65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2003:*:*:*:*:*",
              "matchCriteriaId": "5B4DBD3F-254D-4C25-9D7E-ECDEF7AED8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:x64_edition:*:*:*:*:*",
              "matchCriteriaId": "950A42AA-2FF6-4C8C-84A3-E4623D5258AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:metaframe:4.0:*:microsoft_windows_2000:*:*:*:*:*",
              "matchCriteriaId": "CA262BAB-EFDB-4498-85CF-592517FC836D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:metaframe:4.0:*:microsoft_windows_2003:*:*:*:*:*",
              "matchCriteriaId": "DF0B55D1-F942-4B6B-84AB-195A462B3119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:metaframe:4.0:*:x64_edition:*:*:*:*:*",
              "matchCriteriaId": "048974DF-1A85-42F5-BD08-8B2D991B411E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string."
    },
    {
      "lang": "es",
      "value": "El Session Reliability Service (XTE) del Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0 y Access Essentials 1.0 y 1.5, permite a atacantes remotos evitar las pol\u00edticas de seguridad de la red y conectarse a puertos TCP de su elecci\u00f3n a trav\u00e9s de una cadena address:port modificada."
    }
  ],
  "evaluatorSolution": "The vendor has addressed this issue with the following product updates:\r\n\r\nMetaFrame Presentation Server 3.0 for Windows 2000 Server:\r\nEN - http://support.citrix.com/article/CTX112818\r\nFR - http://support.citrix.com/article/CTX112821\r\nDE - http://support.citrix.com/article/CTX112819\r\nJA - http://support.citrix.com/article/CTX112820\r\nES - http://support.citrix.com/article/CTX112822\r\n\r\nMetaFrame Presentation Server 3.0 for Windows Server 2003:\r\nEN - http://support.citrix.com/article/CTX112813\r\nFR - http://support.citrix.com/article/CTX112816\r\nDE - http://support.citrix.com/article/CTX112814\r\nJA - http://support.citrix.com/article/CTX112815\r\nES - http://support.citrix.com/article/CTX112817\r\n\r\nCitrix Presentation Server 4.0 for Windows 2000 Server:\r\nEN - http://support.citrix.com/article/CTX112844\r\nFR - http://support.citrix.com/article/CTX112847\r\nDE - http://support.citrix.com/article/CTX112845\r\nJA - http://support.citrix.com/article/CTX112848\r\nES - http://support.citrix.com/article/CTX112846\r\n\r\nCitrix Presentation Server 4.0 for Windows Server 2003:\r\nEN - http://support.citrix.com/article/CTX112839\r\nFR - http://support.citrix.com/article/CTX112842\r\nDE - http://support.citrix.com/article/CTX112840\r\nJA - http://support.citrix.com/article/CTX112843\r\nES - http://support.citrix.com/article/CTX112841\r\n\r\nCitrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:\r\nEN - http://support.citrix.com/article/CTX112886\r\nFR - http://support.citrix.com/article/CTX112887\r\nDE - http://support.citrix.com/article/CTX112888\r\nJA - http://support.citrix.com/article/CTX112890\r\nES - http://support.citrix.com/article/CTX112889\r\n\r\nCitrix Access Essentials 1.0:\r\nEN - http://support.citrix.com/article/CTX112839\r\nFR - http://support.citrix.com/article/CTX112842\r\nDE - http://support.citrix.com/article/CTX112840\r\nES - http://support.citrix.com/article/CTX112841\r\n\r\nCitrix Access Essentials 1.5:\r\nEN - http://support.citrix.com/article/CTX112839\r\nFR - http://support.citrix.com/article/CTX112842\r\nDE - http://support.citrix.com/article/CTX112840\r\nES - http://support.citrix.com/article/CTX112841\r\n",
  "id": "CVE-2007-2850",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-24T18:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25371"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.citrix.com/article/CTX112964"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018098"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1918"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.citrix.com/article/CTX112964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-955q-2rmr-5vhw

Vulnerability from github

Published

2022-05-01 18:07

Modified

2022-05-01 18:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2850"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-05-24T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.",
  "id": "GHSA-955q-2rmr-5vhw",
  "modified": "2022-05-01T18:07:45Z",
  "published": "2022-05-01T18:07:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2850"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
    },
    {
      "type": "WEB",
      "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25371"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX112964"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018098"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1918"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2007-2850

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-2850

Aliases

CVE-2007-2850

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2850",
    "description": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.",
    "id": "GSD-2007-2850"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2850"
      ],
      "details": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.",
      "id": "GSD-2007-2850",
      "modified": "2023-12-13T01:21:37.580043Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2850",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "citrix-session-security-bypass(34448)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
          },
          {
            "name": "25371",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25371"
          },
          {
            "name": "http://support.citrix.com/article/CTX112964",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX112964"
          },
          {
            "name": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf",
            "refsource": "MISC",
            "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
          },
          {
            "name": "ADV-2007-1918",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1918"
          },
          {
            "name": "1018098",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018098"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:metaframe:3.0:*:x64_edition:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:metaframe:4.0:*:microsoft_windows_2000:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2000:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2003:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:metaframe:4.0:*:microsoft_windows_2003:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:metaframe:4.0:*:x64_edition:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2850"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.citrix.com/article/CTX112964",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.citrix.com/article/CTX112964"
            },
            {
              "name": "1018098",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018098"
            },
            {
              "name": "25371",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25371"
            },
            {
              "name": "ADV-2007-1918",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1918"
            },
            {
              "name": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf"
            },
            {
              "name": "citrix-session-security-bypass(34448)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34448"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:31Z",
      "publishedDate": "2007-05-24T18:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-2850 (GCVE-0-2007-2850)

Vulnerability from cvelistv5

fkie_cve-2007-2850

Vulnerability from fkie_nvd

ghsa-955q-2rmr-5vhw

Vulnerability from github

gsd-2007-2850

Vulnerability from gsd

Tags

Sightings

Nomenclature