CVE-2007-2850

Citrix MetaFrame <4.0 - Auth Bypass

Title source: llm

Description

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.

References (6)

[Patch, Vendor Advisory] http://secunia.com/advisories/25371

[Vendor Advisory] http://support.citrix.com/article/CTX112964

[Various Sources] http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34448

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018098

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1918

Scores

EPSS 0.0348

EPSS Percentile 87.4%

Classification

Status draft

Affected Products (8)

citrix/access_essentials

citrix/access_essentials

citrix/metaframe

citrix/metaframe

citrix/metaframe

citrix/metaframe

citrix/metaframe

citrix/metaframe

Timeline

Published May 24, 2007

Tracked Since Feb 18, 2026