Description
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
References (6)
Core 6
Core References
Various Sources x_refsource_misc
http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34448
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25371
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX112964
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1918
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018098
Scores
EPSS
0.0348
EPSS Percentile
87.7%
Details
Status
published
Products (4)
citrix/access_essentials
1.0
citrix/access_essentials
1.5
citrix/metaframe
3.0 (3 CPE variants)
citrix/metaframe
4.0 (3 CPE variants)
Published
May 24, 2007
Tracked Since
Feb 18, 2026