Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0760 — Citrix Nfuse vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

6.6%

top 8.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Citrix Nfuse

Timeline

PublishedOct 18

Latest updateApr 30

Description

Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcitrix/nfuse1.51

🔴Vulnerability Details

GHSA

GHSA-4g4h-9c64-2wvp: Citrix Nfuse 1↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Citrix Nfuse 1.51 - Webroot Disclosure↗2001-07-02

▶

📋Vendor Advisories

Citrix

CVE-2001-0760: Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the↗2001-10-18

▶