ID

VAR-200612-0114


CVE

CVE-2006-6573


TITLE

Citrix Access Gateway appliances vulnerable to information disclosure

Trust: 0.8

sources: CERT/CC: VU#555220

DESCRIPTION

Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors. An attacker can exploit this issue to disclose sensitive information that may be used to gain unauthorized access to the application.

1) An error in the Browser-Only access feature may allow users access to certain protected resources.

2) An error in the login process may allow users access to certain protected resources.

SOLUTION: Apply hotfix AACE400W004: http://support.citrix.com/article/CTX110293

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Citrix: http://support.citrix.com/article/CTX111614 http://support.citrix.com/article/CTX111615

Trust: 2.88

sources: NVD: CVE-2006-6573 // CERT/CC: VU#555220 // JVNDB: JVNDB-2006-001758 // BID: 21079 // VULHUB: VHN-22681 // PACKETSTORM: 52104 // PACKETSTORM: 52117

AFFECTED PRODUCTS

vendor: citrix, model: access gateway, scope: eq, version: 4.2.1

Trust: 1.6

vendor: citrix, model: access gateway, scope: eq, version: 4.5

Trust: 1.6

vendor: citrix, model: access gateway, scope: eq, version: 4.2

Trust: 1.6

vendor: citrix, model: access gateway, scope: eq, version: 4.2.2

Trust: 1.6

vendor: citrix, model: -, scope: -, version: -

Trust: 0.8

vendor: citrix, model: access gateway, scope: eq, version: advanced edition 4.5

Trust: 0.8

vendor: citrix, model: access gateway, scope: eq, version: appliance 4.2 to 4.2.2

Trust: 0.8

vendor: citrix, model: access gateway advanced edition, scope: eq, version: 4.5

Trust: 0.3

vendor: citrix, model: access gateway aac, scope: eq, version: 4.2

Trust: 0.3

sources: CERT/CC: VU#555220 // BID: 21079 // JVNDB: JVNDB-2006-001758 // CNNVD: CNNVD-200612-362 // NVD: CVE-2006-6573

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6573
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-6573
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200612-362
value: MEDIUM

Trust: 0.6

VULHUB: VHN-22681
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-6573
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22681
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22681 // JVNDB: JVNDB-2006-001758 // CNNVD: CNNVD-200612-362 // NVD: CVE-2006-6573

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6573

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200612-362

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200612-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001758

PATCH

title: CTX111695, url: http://support.citrix.com/article/CTX111695

Trust: 0.8

sources: JVNDB: JVNDB-2006-001758

EXTERNAL IDS

db: CERT/CC, id: VU#555220

Trust: 3.6

db: NVD, id: CVE-2006-6573

Trust: 2.8

db: SECUNIA, id: 22908

Trust: 2.6

db: BID, id: 21079

Trust: 2.0

db: SECUNIA, id: 22909

Trust: 1.8

db: VUPEN, id: ADV-2006-4524

Trust: 1.7

db: SECTRACK, id: 1017228

Trust: 1.7

db: JVNDB, id: JVNDB-2006-001758

Trust: 0.8

db: CNNVD, id: CNNVD-200612-362

Trust: 0.7

db: XF, id: 30298

Trust: 0.6

db: VULHUB, id: VHN-22681

Trust: 0.1

db: PACKETSTORM, id: 52104

Trust: 0.1

db: PACKETSTORM, id: 52117

Trust: 0.1

sources: CERT/CC: VU#555220 // VULHUB: VHN-22681 // BID: 21079 // JVNDB: JVNDB-2006-001758 // PACKETSTORM: 52104 // PACKETSTORM: 52117 // CNNVD: CNNVD-200612-362 // NVD: CVE-2006-6573

REFERENCES

url:http://www.kb.cert.org/vuls/id/555220

Trust: 2.8

url:http://support.citrix.com/article/ctx111695

Trust: 2.1

url:http://www.securityfocus.com/bid/21079

Trust: 1.7

url:http://securitytracker.com/id?1017228

Trust: 1.7

url:http://secunia.com/advisories/22908

Trust: 1.7

url:http://secunia.com/advisories/22909

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/4524

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/30298

Trust: 1.1

url:http://secunia.com/advisories/22908/

Trust: 0.9

url:http://support.citrix.com/article/ctx111695

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6573

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6573

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/30298

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/4524

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/product/6168/

Trust: 0.2

url:http://corporate.secunia.com/products/48/?r=l

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://corporate.secunia.com/how_to_buy/15/?r=l

Trust: 0.2

url:http://secunia.com/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/advisories/22909/

Trust: 0.1

url:http://support.citrix.com/article/ctx110293

Trust: 0.1

url:http://support.citrix.com/article/ctx111614

Trust: 0.1

url:http://support.citrix.com/article/ctx111615

Trust: 0.1

sources: CERT/CC: VU#555220 // VULHUB: VHN-22681 // BID: 21079 // JVNDB: JVNDB-2006-001758 // PACKETSTORM: 52104 // PACKETSTORM: 52117 // CNNVD: CNNVD-200612-362 // NVD: CVE-2006-6573

CREDITS

This issue was discovered by Thierry Zoller and Laurent Kempenaar.

Trust: 0.9

sources: BID: 21079 // CNNVD: CNNVD-200612-362

SOURCES

db: CERT/CC, id: VU#555220
db: VULHUB, id: VHN-22681
db: BID, id: 21079
db: JVNDB, id: JVNDB-2006-001758
db: PACKETSTORM, id: 52104
db: PACKETSTORM, id: 52117
db: CNNVD, id: CNNVD-200612-362
db: NVD, id: CVE-2006-6573

LAST UPDATE DATE

2024-08-14T14:22:34.873000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#555220, date: 2007-01-29T00:00:00
db: VULHUB, id: VHN-22681, date: 2017-07-29T00:00:00
db: BID, id: 21079, date: 2007-01-29T15:08:00
db: JVNDB, id: JVNDB-2006-001758, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-362, date: 2006-12-18T00:00:00
db: NVD, id: CVE-2006-6573, date: 2017-07-29T01:29:36.843

SOURCES RELEASE DATE

db: CERT/CC, id: VU#555220, date: 2007-01-29T00:00:00
db: VULHUB, id: VHN-22681, date: 2006-12-15T00:00:00
db: BID, id: 21079, date: 2006-11-14T00:00:00
db: JVNDB, id: JVNDB-2006-001758, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 52104, date: 2006-11-16T03:19:38
db: PACKETSTORM, id: 52117, date: 2006-11-16T03:19:38
db: CNNVD, id: CNNVD-200612-362, date: 2006-12-15T00:00:00
db: NVD, id: CVE-2006-6573, date: 2006-12-15T11:28:00