CVE-2011-2592

Citrix Access Gateway Plug-in 9.x < 9.3-57.5 and 10.0 < 10.0-69.4 - Remote Code Execution via CSEC HTTP Response Header

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header.

References (5)

Core 5
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-08/0009.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/84433
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77316
Third Party Advisory x_refsource_misc
http://secunia.com/secunia_research/2012-27
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX134303

Scores

EPSS 0.1761
EPSS Percentile 95.2%

Details

CWE
CWE-119
Status published
Products (5)
citrix/access_gateway_plug-in 9.0
citrix/access_gateway_plug-in 9.1
citrix/access_gateway_plug-in 9.2
citrix/access_gateway_plug-in 9.3
citrix/access_gateway_plug-in 10.0
Published Jun 18, 2014
Tracked Since Feb 18, 2026