CVE-2001-0908 - OpenCVE

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Metaframe

Configuration 1 [-]

cpe:2.3:a:citrix:metaframe:1.8:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=100638693315933&w=2
http://www.securityfocus.com/bid/3566	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7538

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-02-02T05:00:00

Updated: 2017-12-18T21:57:01

Reserved: 2002-01-31T00:00:00

Link: CVE-2001-0908

JSON object: View

NVD Information

Status : Modified

Published: 2001-11-21T05:00:00.000

Modified: 2017-12-19T02:29:28.190

Link: CVE-2001-0908

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-11-21T00:00:00", "descriptions": [{"lang": "en", "value": "CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "win-terminal-spoof-address(7538)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7538"}, {"name": "20011121 CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=100638693315933&w=2"}, {"name": "3566", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3566"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0908", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "win-terminal-spoof-address(7538)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7538"}, {"name": "20011121 CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=100638693315933&w=2"}, {"name": "3566", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3566"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0908", "datePublished": "2002-02-02T05:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2017-12-18T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}