Sign-up

ID

VAR-200906-0242


CVE

CVE-2009-2214


TITLE

Citrix Secure Gateway of Secure Gateway Service disruption in services (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-003550

DESCRIPTION

The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. An attacker can exploit this issue to crash the server, denying access to legitimate users. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Apply the hotfix. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX121172 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-2214 // JVNDB: JVNDB-2009-003550 // BID: 35421 // VULHUB: VHN-39660 // PACKETSTORM: 78517

AFFECTED PRODUCTS

vendor:citrixmodel:secure gatewayscope:lteversion:3.1

Trust: 1.8

vendor:citrixmodel:secure gatewayscope:eqversion:3.0

Trust: 1.6

vendor:citrixmodel:secure gatewayscope:eqversion:3.1

Trust: 0.9

sources: BID: 35421 // JVNDB: JVNDB-2009-003550 // CNNVD: CNNVD-200906-403 // NVD: CVE-2009-2214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2214
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2214
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200906-403
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39660
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2214
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39660
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39660 // JVNDB: JVNDB-2009-003550 // CNNVD: CNNVD-200906-403 // NVD: CVE-2009-2214

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-39660 // JVNDB: JVNDB-2009-003550 // NVD: CVE-2009-2214

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200906-403

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200906-403

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-003550

PATCH
title:CTX121172url:http://support.citrix.com/article/CTX121172
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-003550

EXTERNAL IDS
db:NVDid:CVE-2009-2214
Trust: 2.5
db:BIDid:35421
Trust: 2.0
db:SECUNIAid:35503
Trust: 1.8
db:SECTRACKid:1022420
Trust: 1.7
db:VUPENid:ADV-2009-1633
Trust: 1.7
db:JVNDBid:JVNDB-2009-003550
Trust: 0.8
db:XFid:51216
Trust: 0.6
db:CNNVDid:CNNVD-200906-403
Trust: 0.6
db:VULHUBid:VHN-39660
Trust: 0.1
db:PACKETSTORMid:78517
Trust: 0.1
sources:
            
            
            VULHUB: VHN-39660 // 
            
            
            
            BID: 35421 // 
            
            
            
            JVNDB: JVNDB-2009-003550 // 
            
            
            
            PACKETSTORM: 78517 // 
            
            
            
            CNNVD: CNNVD-200906-403 // 
            
            
            
            NVD: CVE-2009-2214

REFERENCES
url:http://support.citrix.com/article/ctx121172
Trust: 2.1
url:http://www.securityfocus.com/bid/35421
Trust: 1.7
url:http://www.securitytracker.com/id?1022420
Trust: 1.7
url:http://secunia.com/advisories/35503
Trust: 1.7
url:http://www.vupen.com/english/advisories/2009/1633
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/51216
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2214
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2214
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/51216
Trust: 0.6
url:http://www.citrix.com/
Trust: 0.3
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/advisories/35503/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://support.citrix.com/article/ctx121012
Trust: 0.1
url:http://support.citrix.com/article/ctx121013
Trust: 0.1
sources:
            
            
            VULHUB: VHN-39660 // 
            
            
            
            BID: 35421 // 
            
            
            
            JVNDB: JVNDB-2009-003550 // 
            
            
            
            PACKETSTORM: 78517 // 
            
            
            
            CNNVD: CNNVD-200906-403 // 
            
            
            
            NVD: CVE-2009-2214

CREDITS
Qualys Vulnerability Research team
Trust: 0.3
sources:
            
            
            BID: 35421

SOURCES
db:VULHUBid:VHN-39660
db:BIDid:35421
db:JVNDBid:JVNDB-2009-003550
db:PACKETSTORMid:78517
db:CNNVDid:CNNVD-200906-403
db:NVDid:CVE-2009-2214

LAST UPDATE DATE
2025-04-10T23:24:52.927000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-39660date:2017-08-17T00:00:00
db:BIDid:35421date:2009-06-18T13:59:00
db:JVNDBid:JVNDB-2009-003550date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200906-403date:2009-06-26T00:00:00
db:NVDid:CVE-2009-2214date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-39660date:2009-06-25T00:00:00
db:BIDid:35421date:2009-06-15T00:00:00
db:JVNDBid:JVNDB-2009-003550date:2012-06-26T00:00:00
db:PACKETSTORMid:78517date:2009-06-18T07:29:41
db:CNNVDid:CNNVD-200906-403date:2009-06-25T00:00:00
db:NVDid:CVE-2009-2214date:2009-06-25T23:14:15.687