CVE-2008-6830 : The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate

The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface.

Published 2009-06-08 19:30:00

Updated 2017-08-17 01:29:36

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-6830

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-6830

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:H/Au:N/C:P/I:N/A:P	4.9	4.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial

References for CVE-2008-6830

http://www.vupen.com/english/advisories/2008/2946

Patch;Vendor Advisory
http://www.securityfocus.com/bid/31943
http://support.citrix.com/article/CTX118768

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46135
http://www.securitytracker.com/id?1021110

Products affected by CVE-2008-6830

Citrix » Web Interface » Version: 5.0 Java Application Server Edition
cpe:2.3:a:citrix:web_interface:5.0:*:java_application_server:*:*:*:*:*
Matching versions
Citrix » Web Interface » Version: 5.0.1 Java Application Server Edition
cpe:2.3:a:citrix:web_interface:5.0.1:*:java_application_server:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-6830

Exploit prediction scoring system (EPSS) score for CVE-2008-6830

CVSS scores for CVE-2008-6830

References for CVE-2008-6830

Products affected by CVE-2008-6830