Solved

Citrix Vulnerabilities

Posted on 2011-09-22
Last Modified: 2012-05-12
Hi,

We are running Citrix license and Web Interface on the same server.

The security team has identified some vulnerabilities on the server.

Here is the list of Citrix vulnerabilities:

Apache HTTP Server 413 Error HTTP Request Method Cross CVE-2007-6203

Web Server HTTP TRACE Method Supported CVE-2004-2320

HTTP Server Header Information Leakage

How to clear the vulnerabilities on the server?


Jaya
Question by:shankarvetrivel

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 36580108
Looks like the first one is: No action required/possible at this time.  (Unless you see something in your specific stack.)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6203
Official Statement from Apache (06/09/2008)
"The Apache Software Foundation security team does not consider this issue to be a security vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site. "

Ditto the second one:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2320
Official Statement from Red Hat (03/05/2008)
"The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news "

Did the last item have more information?  Any specifics?
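One way to re-check the TRACE and server-header findings after a configuration change, as an added example that is not part of the original thread. It assumes the third finding refers to a version string in the `Server` response header and that the web server is Apache httpd (for the `TraceEnable` and `ServerTokens` hints); `assess` and `probe` are hypothetical names and the sample replies are constructed.

```python
"""Added example: re-check the TRACE and Server-header findings over HTTP."""
import http.client
import re

# Server values that carry a version number or OS/module detail,
# e.g. "Apache/2.2.3 (Win32)". A bare product name does not match.
VERSION_RE = re.compile(r"/\d|\(.*\)")


def assess(trace_status, trace_content_type, server_header):
    """Classify one server's reply to a TRACE request; returns finding strings."""
    findings = []
    # A server that honours TRACE answers 200 and echoes the request
    # back with Content-Type: message/http.
    if trace_status == 200 and "message/http" in (trace_content_type or "").lower():
        findings.append("TRACE enabled (Apache httpd: set 'TraceEnable off')")
    if server_header and VERSION_RE.search(server_header):
        findings.append(
            "Server header discloses version detail: %r "
            "(Apache httpd: set 'ServerTokens Prod')" % server_header
        )
    return findings


def probe(host, port=80, use_tls=False, timeout=5):
    """Send one TRACE request to a server you administer and assess the reply."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/")
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return assess(resp.status, resp.getheader("Content-Type"),
                      resp.getheader("Server"))
    finally:
        conn.close()


# Constructed sample replies (not taken from the poster's server):
# (TRACE status, TRACE Content-Type, Server header)
SAMPLES = {
    "before": (200, "message/http", "Apache/2.2.3 (Win32)"),
    "after": (405, "text/html; charset=iso-8859-1", "Apache"),
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, assess(*reply) or "no findings")
```

Run `probe("hostname", port)` against the license and Web Interface ports before and after the change; an empty list means neither finding is reproduced by this check.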
 

Expert Comment

by:Tolomir
ID: 37175658
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.