Description
Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1023168
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3206
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX123248
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37073
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37319
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54213
Scores
EPSS
0.0034
EPSS Percentile
56.7%
Details
CWE
CWE-310
Status
published
Products (5)
citrix/online_plug-in_for_mac
< 10.0
citrix/online_plug-in_for_windows
11.0
citrix/online_plug-in_for_windows
11.1
citrix/online_plug-in_for_windows
< 11.2
citrix/receiver_for_iphone
< 1.0
Published
Nov 13, 2009
Tracked Since
Feb 18, 2026