Description
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7538
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100638693315933&w=2
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3566
Scores
EPSS
0.0064
EPSS Percentile
70.8%
Details
Status
published
Products (1)
citrix/metaframe
1.8
Published
Nov 21, 2001
Tracked Since
Feb 18, 2026