Citrix Access Gateway Unspecified Information Disclosure Vulnerability
Monday, 29 January 2007 by Michel Roth
For the second time in one week, a vulnerability has been reported in a Citrix product. This vulnerability is not as critical as the last one and applies to the Citrix Access Gateway. The Citrix Access Gateway is prone to an information disclosure vulnerability. An attacker can exploit this issue to disclose sensitive information that may be used to gain unauthorized access to the application.

This issue affects Access Gateway 4.5 Advanced Edition and Access Gateway 4.2 with Advanced Access Control 4.2 (currently known as Access Gateway 4.2 Advanced Edition) when deployed with the following versions of the Access Gateway appliance:

• Access Gateway appliance 4.2
• Access Gateway appliance 4.2.1
• Access Gateway appliance 4.2.2

here.

Related Items:

Citrix Access Gateway With Advanced Access Control Vulnerabilities (15 November 2006)
Citrix Announces Access Gateway Enterprise Edition (14 February 2006)
Clientless Failover Functionality: Citrix Access Gateway and Advanced Access Control (11 May 2006)
Citrix Access Gateway Advanced Access Control Authentication Bypass (18 September 2006)
Vulnerabilities in Access Gateway Standard and Advanced Editions clients (23 July 2007)
Certificate Conversion Tool For Secure Gateway Migrations (24 July 2006)
Citrix Announces Access Gateway 10000 Series (5 February 2007)
The Real Value Of Citrix Access Gateway (19 October 2006)
Citrix Access Gateway Technical Authorization (19 January 2005)
Forcing RDP Clients to use TS Gateway in TS Web Access (2 September 2008)
Comments (0)
Show/Hide comment form