BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Citrix Licensing Server 11.x Unspecified Vulnerabilities

Disclosed: February 22, 2011 | Fully Patched

Vulnerability Description:

Citrix Licensing Server 11.x Administration Console contains multiple unspecified vulnerabilities in third-party components. An attacker could gain access to the licensing administrative interface or cause a denial of service against licensing components. Exploitation requires interaction with an administrator authenticated to the Licensing Server (e.g. clicking a crafted link).

Vendors:

Citrix

Vulnerable Software/Devices:

Citrix Licensing Server 11.6

Vulnerability Severity:

Low

Exploit Availability:

N/A

Exploit Impact:

Information Disclosure

Security Bypass, Disclosure of Information, Denial of Service Condition

These vulnerabilities could allow an attacker to gain access to otherwise restricted components, gain access to potentially sensitive information, or cause a denial of service against components.

BeyondTrust Prevention and Detection:

  • BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
    • Retina Audit 31250 - Citrix License Server Admin Components Multiple Vulnerabilities (20110222) - Win
    • Retina Audit 34481 - Citrix License Server Admin Components Vulnerabilities (20110222) - UNIX

Mitigation:

Restrict access to the Administration Console port. Administrators should avoid untrusted websites or suspicious URLs.

CVE(s):

None