CVE-2007-0011
Published 2007-11-05
Priority: P4 · 22 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 2.12% (79.5th percentile)
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | access_gateway | — | — |
| citrix | access_gateway | — | — |
| citrix | access_gateway | — | — |
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | — | — |
Citrix
CVE-2007-0011: The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL,
vendor_citrix·2007-11-05·CVSS 5.0
CVE-2007-0011 [MEDIUM] CWE-200 CVE-2007-0011: The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL,
CVE-2007-0011: The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
Citrix
Citrix Security Bulletin CTX112803
vendor_citrix·CVSS 5.0
CVE-2007-0011 [MEDIUM] Citrix Security Bulletin CTX112803
CVE References: CVE-2007-0011, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX113814
vendor_citrix·CVSS 5.0
CVE-2007-0011 [MEDIUM] Citrix Security Bulletin CTX113814
CVE References: CVE-2007-0011, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-ph74-68r2-9xmr: The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4
ghsa_unreviewed·2022-05-01
CVE-2007-0011 [MEDIUM] CWE-200 GHSA-ph74-68r2-9xmr: The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/45288
http://secunia.com/advisories/26143
http://securitytracker.com/id?1018435
http://support.citrix.com/article/CTX112803
http://support.citrix.com/article/CTX113814
http://www.securityfocus.com/archive/1/482626/100/100/threaded
http://www.securityfocus.com/bid/24975
http://www.vupen.com/english/advisories/2007/2583
https://exchange.xforce.ibmcloud.com/vulnerabilities/35510
Published: 2007-11-05