Solved

Citrix Vulnerabilities

Posted on 2011-09-22
Last Modified: 2012-05-12
Hi,

We are running Citrix license and Web Interface on the same server.

The security team has identified some vulnerabilities on the server.

Here is the list of Citrix vulnerabilities:

Apache HTTP Server 413 Error HTTP Request Method Cross CVE-2007-6203

Web Server HTTP TRACE Method Supported CVE-2004-2320

HTTP Server Header Information Leakage

How to clear the vulnerabilities on the server?


Jaya
Question by:shankarvetrivel
3 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 36580108
Looks like the first one is: No action required/possible at this time.  (Unless you see something in your specific stack.)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6203
Official Statement from Apache (06/09/2008)
"The Apache Software Foundation security team does not consider this issue to be a security vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site."

Ditto the second one:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2320
Official Statement from Red Hat (03/05/2008)
"The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news"

Did the last item have more information?  Any specifics?
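
One way to confirm the TRACE and Server header findings on your own server before and after a configuration change, as an added example that is not part of the original answer. The `X-Trace-Check` header, the host name `lic01` and both sample replies are constructed for illustration.

```python
import http.client
import re
import secrets

# Matches a product version such as "Apache/2.2.3" in a Server header.
VERSION_RE = re.compile(r"/\d+(\.\d+)+")


def assess(status, server_header, body, marker):
    """Classify one TRACE response against the two scanner findings."""
    # TRACE is live only if the server answers 200 and echoes our request back.
    trace_enabled = status == 200 and marker in body
    return {
        "trace_enabled": trace_enabled,
        "trace_status": status,
        "server_header": server_header,
        "version_disclosed": bool(VERSION_RE.search(server_header or "")),
    }


def audit(host, port=80, use_tls=False, timeout=5):
    """Send one TRACE request to a server you administer and assess the reply."""
    marker = secrets.token_hex(8)  # random value we expect to see echoed
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return assess(resp.status, resp.getheader("Server", ""), body, marker)
    finally:
        conn.close()


# Constructed sample replies (not captured from any real host).
SAMPLE_BEFORE = (200, "Apache/2.2.3 (Win32)",
                 "TRACE / HTTP/1.1\r\nHost: lic01\r\nX-Trace-Check: abc123\r\n")
SAMPLE_AFTER = (405, "Apache", "<h1>Method Not Allowed</h1>")

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, assess(*sample, marker="abc123"))
```

On Apache httpd builds that support them, `TraceEnable Off` and `ServerTokens Prod` are the directives that change these two results; rerun `audit()` after the change to confirm.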
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175658
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.