Citrix Vulnerabilities

Hi,

We are running Citrix License and Web Interface on the same server.

The security team has identified some vulnerabilities on the server.

Here is the list of Citrix vulnerabilities:

Apache HTTP Server 413 Error HTTP Request Method Cross CVE-2007-6203

Web Server HTTP TRACE Method Supported CVE-2004-2320

HTTP Server Header Information Leakage

How do we clear the vulnerabilities on the server?


Jaya
shankarvetrivel Asked:
Rich Weissler (Professional Troublemaker^h^h^h^h^hshooter) Commented:
Looks like the first one is: No action required/possible at this time.  (Unless you see something in your specific stack.)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6203
Official Statement from Apache (06/09/2008)
"The Apache Software Foundation security team does not consider this issue to be a security vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site. "

Ditto the second one:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2320
Official Statement from Red Hat (03/05/2008)
"The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news "

Did the last item have more information?  Any specifics?
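An added example, not part of the original thread: a small Python check for re-testing the TRACE and Server-header findings after a configuration change. It assumes plain HTTP and that the banner comes from Apache; `TraceEnable` and `ServerTokens` are Apache directives, and the `X-Audit` header and marker string are constructed for this sketch.

```python
import http.client
import re

MARKER = "trace-audit-constructed-marker"      # constructed value we expect echoed back
VERSION_RE = re.compile(r"/\d+(?:\.\d+)*")     # matches "Apache/2.2.3", "Microsoft-IIS/6.0"

def trace_enabled(status, body):
    """TRACE is considered on when the server answers 200 and echoes our request."""
    return status == 200 and MARKER in body

def banner_leaks_version(banner):
    """True when the Server header carries a product/version token."""
    return bool(banner and VERSION_RE.search(banner))

def probe(host, port, method):
    """Send one request and return (status, Server header, body text)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, "/", headers={"X-Audit": MARKER})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1")
        return resp.status, resp.getheader("Server", ""), body
    finally:
        conn.close()

def audit(host, port=80, send=probe):
    """Return remediation notes for the two findings; empty list means both are clear."""
    findings = []
    status, _, body = send(host, port, "TRACE")
    if trace_enabled(status, body):
        findings.append("TRACE enabled (CVE-2004-2320 finding): "
                        "set 'TraceEnable off' in the Apache configuration")
    _, banner, _ = send(host, port, "HEAD")
    if banner_leaks_version(banner):
        findings.append("Server header discloses version %r: "
                        "set 'ServerTokens Prod' in the Apache configuration" % banner)
    return findings

if __name__ == "__main__":
    import sys
    # Usage: python audit.py <host> [port]  (run against a server you administer)
    for line in audit(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 80):
        print(line)
```

An empty result after the change means the server no longer echoes TRACE requests and its banner no longer carries a version token.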
 
Tolomir (Administrator) Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.