CVE-2007-2850

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.

Published: May 24, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2850
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
citrix / access_essentials	1.0	1.0.x
citrix / metaframe	4.0	4.0.x
citrix / metaframe	3.0	3.0.x
citrix / access_essentials	1.5	1.5.x

http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
http://secunia.com/advisories/25371
http://support.citrix.com/article/CTX112964
http://www.securitytracker.com/id?1018098
http://www.vupen.com/english/advisories/2007/1918
https://exchange.xforce.ibmcloud.com/vulnerabilities/34448

Vulnerability Database

290,278

CVE-2007-2850