ID
VAR-201102-0377
CVE
CVE-2011-1101
TITLE
Citrix Licensing Administration Console Vulnerability in unauthorized access to license management functions in third-party components
Trust: 0.8
DESCRIPTION
Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors. An attacker can exploit these issues to bypass certain security restrictions and cause denial-of-service conditions. Few technical details are currently available. We will update this BID as more information emerges. Citrix Licensing 11.6 and prior are affected. ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Citrix Licensing Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43459 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43459/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43459 RELEASE DATE: 2011-03-10 DISCUSS ADVISORY: http://secunia.com/advisories/43459/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43459/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43459 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Citrix Licensing, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). The vulnerabilities are reported in versions 11.6 and prior. SOLUTION: Restrict access to the system to trusted users only. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Citrix (CTX128167): http://support.citrix.com/article/CTX128167 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | citrix | model: | licensing administration console | scope: | eq | version: | 11.6 | Trust: 2.4 |
| vendor: | citrix | model: | licensing | scope: | eq | version: | 11.6 | Trust: 0.3 |
| vendor: | citrix | model: | licensing | scope: | eq | version: | 11.5 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
lack of information
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | CTX128167 | url: | http://support.citrix.com/article/CTX128167 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2011-1101 | Trust: 2.7 |
| db: | BID | id: | 46529 | Trust: 1.9 |
| db: | SECUNIA | id: | 43459 | Trust: 1.7 |
| db: | VUPEN | id: | ADV-2011-0477 | Trust: 1.6 |
| db: | SECTRACK | id: | 1025123 | Trust: 1.6 |
| db: | JVNDB | id: | JVNDB-2011-004337 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201102-373 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 99140 | Trust: 0.1 |
REFERENCES
| url: | http://support.citrix.com/article/ctx128167 | Trust: 2.0 |
| url: | http://www.vupen.com/english/advisories/2011/0477 | Trust: 1.6 |
| url: | http://www.securitytracker.com/id?1025123 | Trust: 1.6 |
| url: | http://www.securityfocus.com/bid/46529 | Trust: 1.6 |
| url: | http://secunia.com/advisories/43459 | Trust: 1.6 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/65633 | Trust: 1.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1101 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1101 | Trust: 0.8 |
| url: | http://www.citrix.com | Trust: 0.3 |
| url: | http://secunia.com/products/corporate/evm/ | Trust: 0.1 |
| url: | http://secunia.com/products/corporate/vim/section_179/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/secunia_security_advisories/ | Trust: 0.1 |
| url: | http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ | Trust: 0.1 |
| url: | https://ca.secunia.com/?page=viewadvisory&vuln_id=43459 | Trust: 0.1 |
| url: | http://secunia.com/vulnerability_scanning/personal/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/43459/#comments | Trust: 0.1 |
| url: | http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org | Trust: 0.1 |
| url: | http://secunia.com/advisories/43459/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/about_secunia_advisories/ | Trust: 0.1 |
CREDITS
Citrix
Trust: 0.3
SOURCES
| db: | BID | id: | 46529 |
| db: | JVNDB | id: | JVNDB-2011-004337 |
| db: | PACKETSTORM | id: | 99140 |
| db: | CNNVD | id: | CNNVD-201102-373 |
| db: | NVD | id: | CVE-2011-1101 |
LAST UPDATE DATE
2024-11-23T22:59:56.591000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 46529 | date: | 2015-04-13T21:01:00 |
| db: | JVNDB | id: | JVNDB-2011-004337 | date: | 2012-03-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201102-373 | date: | 2011-02-28T00:00:00 |
| db: | NVD | id: | CVE-2011-1101 | date: | 2024-11-21T01:25:31.813 |
SOURCES RELEASE DATE
| db: | BID | id: | 46529 | date: | 2011-02-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2011-004337 | date: | 2012-03-27T00:00:00 |
| db: | PACKETSTORM | id: | 99140 | date: | 2011-03-10T05:51:04 |
| db: | CNNVD | id: | CNNVD-201102-373 | date: | 2011-02-28T00:00:00 |
| db: | NVD | id: | CVE-2011-1101 | date: | 2011-02-25T19:00:01.383 |