Medium severity5.3NVD Advisory· Published May 5, 2017· Updated May 13, 2026

CVE-2016-6877

Description

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/98341nvdThird Party AdvisoryVDB Entry
www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000