Detections
Analytics
Citrix Access Gateway Plug-in for Windows ActiveX Control StartEPA() Method HTTP Response Header Parsing Overflows (CTX134303)
high Nessus Plugin ID 62777
Language:
Synopsis
The remote Windows host has an ActiveX control that is affected by multiple buffer overflow vulnerabilities.Description
The Citrix Access Gateway ActiveX control for Citrix Access Gateway Enterprise Edition is installed on the remote Windows host. It is the ActiveX component of the Citrix Access Gateway Plug-in for Windows and provides an SSL-based VPN via a web browser.The installed version of this control (nsepa.exe) is affected by the following vulnerabilities involving the 'StartEPA()' method that could lead to arbitrary code execution :
- A boundary error exists that can be exploited to cause a heap-based buffer overflow when processing overly long 'CSEC' HTTP response headers. (CVE-2011-2592)
- An integer overflow exists that can be exploited to cause a heap-based buffer overflow when processing specially crafted 'Content-Length' HTTP response headers. (CVE-2011-2593)
Solution
Update to version 9.3-57.5 / 10.0-69.4 or set the kill bit for the control.See Also
https://www.securityfocus.com/archive/1/523728/30/0/threaded
https://www.securityfocus.com/archive/1/523729/30/0/threaded
Plugin Details
Severity: High
ID: 62777
File Name: citrix_access_gateway_activex_nsepa_startepa.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 10/31/2012
Updated: 6/3/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:citrix:access_gateway
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Patch Publication Date: 8/2/2012
Vulnerability Publication Date: 8/1/2012
Reference Information
CVE: CVE-2011-2592, CVE-2011-2593
BID: 54754
IAVB: 2012-B-0077-S
Secunia: 45299