Alerts     Sign In
[x]

Site Alert(s):

  • Server maintenance Saturday Nov 22, 2008, 12:00 PM - 3:00 PM. The Knowledge Center will be unavailable during this time.
Rate this Article:
You must be signed in to rate again
 Article Feedback Print View
Alternate Languages: N/A

icon representing critical update Vulnerability in Advanced Access Control could result in policy bypass when using the Browser-Only Access feature

Document ID: CTX111615   /   Created On: Nov 14, 2006   /   Updated On: Nov 14, 2006
Average Rating: not yet rated

Severity: Medium

Description of Problem

When using the Browser-Only access feature, Advanced Access Control may fail to enforce the correct policies on some resources. This could result in users being able to gain access to resources in violation of configured policies.

This vulnerability is present in:

    • Access Gateway 4.2 with Advanced Access Control 4.2 (currently known as Access Gateway 4.2 Advanced Edition)

    • Advanced Access Control Option 4.0 (previously Access Gateway Enterprise 4.0)

Access Gateway Standard Edition and Access Gateway Enterprise Edition are not vulnerable to this issue.

What Customers Should Do

A hotfix has been released to address this issue. Citrix recommends that affected customers install the hotfix which can be downloaded from the following locations:

Advanced Access Control Option 4.0:

EN - http://support.citrix.com/article/CTX110293

FR - http://support.citrix.com/article/CTX111605

GE - http://support.citrix.com/article/CTX111603

JA - http://support.citrix.com/article/CTX111606

ES - http://support.citrix.com/article/CTX111604

Access Gateway 4.2 Advanced Edition:

EN - http://support.citrix.com/article/CTX110439

FR - http://support.citrix.com/article/CTX111609

GE - http://support.citrix.com/article/CTX111607

JA - http://support.citrix.com/article/CTX111610

ES - http://support.citrix.com/article/CTX111608

What Citrix Is Doing

Citrix is proactively notifying customers and channel partners about this potential security issue. An article containing the information in this bulletin is available from the Citrix Knowledge Base at http://support.citrix.com/.

Obtaining Support on this Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Information for contacting Citrix Technical Support is available at http://support.citrix.com/.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities very seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com containing the exact version of the product in which the vulnerability was found and steps to reproduce the vulnerability.


This document applies to:

Search
Knowledge Center
Advanced Search
XenApp
XenApp Plugins (Clients)
XenServer
XenDesktop
NetScaler Application Delivery
Access Gateway
EdgeSight
Provisioning Server
WANScaler
Password Manager
>> View All Products
Does it work with Citrix? Verify it - introducing the new Citrix Ready Community Verified
©1999-2008 Citrix Systems, Inc. All rights reserved.