Vulnerability Description
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Presentation Server | 4.5 |
| Citrix | XenApp | 4.5 |
References
- http://osvdb.org/53900
- http://secunia.com/advisories/34865 (Vendor Advisory)
- http://support.citrix.com/article/CTX118792 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/34691 (Patch)
- http://www.securitytracker.com/id?1022114 (Patch)
- http://www.vupen.com/english/advisories/2009/1154 (Patch, Vendor Advisory)
FAQ
What is CVE-2009-2453?
CVE-2009-2453 is a vulnerability with a CVSS score of 7.5 (HIGH). Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to byp...
How severe is CVE-2009-2453?
CVE-2009-2453 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2453?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Presentation Server, Citrix XenApp.