CVE-2011-2883
Citrix Access Gateway Enterprise Edition before 8.1-67.7, 9.0-70.5, and 9.1-96.4 - Remote Code Execution via Crafted Certificate
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
References (1)
Core References
Third Party Advisory (x_refsource_idefense): http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=928
Scores
EPSS: 0.0037
EPSS Percentile: 59.0%
Details
CWE: CWE-20
Status: published
Products (3):
citrix/access_gateway 8.1
citrix/access_gateway 9.0
citrix/access_gateway 9.1
Published: Jul 21, 2011
Tracked Since: Feb 18, 2026