Vulnerability in Citrix Metaframe

CVE-2001-0908

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

EPSS: 0.014 (69.2th percentile) — read the EPSS interpretation.

Affected products

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2001-0908?
CVE-2001-0908 is a vulnerability in Citrix Metaframe. Published 2001-11-21.
Is CVE-2001-0908 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.