CVE-2011-2593
Citrix Access Gateway Plug-in < 9.3 - Remote Code Execution via Crafted Content-Length Header
Title source: llmDescription
Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45299
Third Party Advisory x_refsource_misc
http://secunia.com/secunia_research/2012-26
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX134303
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77317
Scores
EPSS
0.0362
EPSS Percentile
88.0%
Details
CWE
CWE-189
Status
published
Products (2)
citrix/access_gateway_plug-in
10.0
citrix/access_gateway_plug-in
< 9.3
Published
Aug 12, 2014
Tracked Since
Feb 18, 2026