Vulnerability Description
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Access Essentials | 1.0 |
| Citrix | Metaframe | 3.0 |
References
- http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
- http://secunia.com/advisories/25371PatchVendor Advisory
- http://support.citrix.com/article/CTX112964
- http://www.securitytracker.com/id?1018098
- http://www.vupen.com/english/advisories/2007/1918
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34448
- http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
- http://secunia.com/advisories/25371PatchVendor Advisory
- http://support.citrix.com/article/CTX112964
- http://www.securitytracker.com/id?1018098
- http://www.vupen.com/english/advisories/2007/1918
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34448
FAQ
What is CVE-2007-2850?
CVE-2007-2850 is a vulnerability with a CVSS score of 10.0 (HIGH). The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security polici...
How severe is CVE-2007-2850?
CVE-2007-2850 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2850?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Access Essentials, Citrix Metaframe.