CVE-2002-2426

EPSS 0.31%
Published 31.12.2002 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Access Essentials Version1.0

Citrix ≫ Access Essentials Version1.5

Citrix ≫ Access Essentials Version2.0

Citrix ≫ Metaframe Presentation Server Version3.0

Citrix ≫ Presentation Server Version4.0

Citrix ≫ Presentation Server Version4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.512

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt

http://secunia.com/advisories/27633

Vendor Advisory

http://support.citrix.com/article/CTX115245

http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/

http://www.securityfocus.com/bid/26451

http://www.securitytracker.com/id?1018962

http://www.vupen.com/english/advisories/2007/3870

https://nvd.nist.gov/vuln/detail/CVE-2002-2426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-2426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-2426

EUVD