Vulnerability in Citrix Metaframe
CVE-2001-0908
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).
EPSS: 0.014 (69.2th percentile) — read the EPSS interpretation.
Affected products
- Citrix Metaframe — versions 1.8
- N/a — versions n/a
Public proof-of-concept exploits
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vdb-entry, x_refsource_BID, Vendor Advisory)
Frequently asked questions
- What is CVE-2001-0908?
- CVE-2001-0908 is a vulnerability in Citrix Metaframe. Published 2001-11-21.
- Is CVE-2001-0908 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.