Solved

Citrix Vulnerabilities

Posted on 2011-09-22
Last Modified: 2012-05-12
Hi,

We are running Citrix license and Web Interface on the same server.

The security team has identified some vulnerabilities on the server.

Here is the list of Citrix vulnerabilities:

Apache HTTP Server 413 Error HTTP Request Method Cross CVE-2007-6203

Web Server HTTP TRACE Method Supported CVE-2004-2320

HTTP Server Header Information Leakage

How do we clear the vulnerabilities on the server?


Jaya
Question by: shankarvetrivel

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 36580108
Looks like the first one is: No action required/possible at this time.  (Unless you see something in your specific stack.)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6203
Official Statement from Apache (06/09/2008)
"The Apache Software Foundation security team does not consider this issue to be a security vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site. "

Ditto the second one:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2320
Official Statement from Red Hat (03/05/2008)
"The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news "

Did the last item have more information?  Any specifics?
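
One way to re-check the TRACE and Server-header findings after a configuration change, as an added example that is not part of the original thread. It assumes the fix on Apache is `TraceEnable off` plus `ServerTokens Prod`; the function names, the marker header and the sample responses are constructed for illustration.

```python
import http.client
import re

MARKER = "trace-check-marker"  # arbitrary header value we expect TRACE to echo back

def trace_enabled(status, headers, body):
    """TRACE is live when the server answers 200 and echoes our request back."""
    ctype = headers.get("content-type", "").lower()
    return status == 200 and (ctype.startswith("message/http") or MARKER in body)

def server_header_leak(headers):
    """Return the Server header if it discloses a version number, else None."""
    value = headers.get("server", "")
    return value if re.search(r"\d+\.\d+", value) else None

def evaluate(status, headers, body):
    """Classify one TRACE response; header names must already be lower-cased."""
    return {"trace_enabled": trace_enabled(status, headers, body),
            "server_leak": server_header_leak(headers)}

def probe(host, port=80, tls=False, timeout=5):
    """Send a single TRACE request to a server you administer and classify the reply."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Check": MARKER})
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        body = resp.read(4096).decode("latin-1")
        return evaluate(resp.status, headers, body)
    finally:
        conn.close()

# Constructed sample responses (not captured from any real server).
# BEFORE: TRACE echoed and a versioned banner; AFTER: what the assumed fix yields.
BEFORE = (200, {"content-type": "message/http", "server": "Apache/2.2.3 (Win32)"},
          "TRACE / HTTP/1.1\r\nX-Trace-Check: trace-check-marker\r\n\r\n")
AFTER = (405, {"content-type": "text/html", "server": "Apache"},
         "<h1>Method Not Allowed</h1>")

if __name__ == "__main__":
    print("before:", evaluate(*BEFORE))
    print("after: ", evaluate(*AFTER))
```

Running `probe()` against the server before and after the change gives the security team a repeatable pass/fail result for both findings.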

Expert Comment

by:Tolomir
ID: 37175658
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.