Vulnerability Description
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Xenmobile Server | <= 10.3.6.310 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98341Third Party AdvisoryVDB Entry
- https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/0Third Party Advisory
- http://www.securityfocus.com/bid/98341Third Party AdvisoryVDB Entry
- https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/0Third Party Advisory
FAQ
What is CVE-2016-6877?
CVE-2016-6877 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "ou...
How severe is CVE-2016-6877?
CVE-2016-6877 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6877?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Xenmobile Server.