Unrated severity · NVD Advisory · Published Nov 5, 2007 · Updated Apr 23, 2026
CVE-2007-0011
Description
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
Affected products
- cpe:2.3:a:citrix:access_gateway:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*
Patches
No patches discovered yet.
References
- secunia.com/advisories/26143 (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/24975 (nvd; Patch)
- osvdb.org/45288 (nvd)
- securitytracker.com/id (nvd)
- support.citrix.com/article/CTX112803 (nvd)
- support.citrix.com/article/CTX113814 (nvd)
- www.securityfocus.com/archive/1/482626/100/100/threaded (nvd)
- www.vupen.com/english/advisories/2007/2583 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/35510 (nvd)