Vulnerabilities > CVE-2015-2682 - Code vulnerability in Citrix Command Center 5.1/5.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Citrix Command Center - Credential Disclosure. CVE-2015-2682. Webapps exploit for xml platform |
| file | exploits/xml/webapps/36441.txt |
| id | EDB-ID:36441 |
| last seen | 2016-02-04 |
| modified | 2015-03-19 |
| platform | xml |
| port | 8443 |
| published | 2015-03-19 |
| reporter | Han Sahin |
| source | https://www.exploit-db.com/download/36441/ |
| title | Citrix Command Center - Credential Disclosure |
| type | webapps |
References
- http://support.citrix.com/article/CTX200584
- http://seclists.org/fulldisclosure/2015/Mar/126
- https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html
- http://packetstormsecurity.com/files/130928/Citrix-Command-Center-Configuration-Disclosure.html
- http://www.securitytracker.com/id/1031993
- http://www.securityfocus.com/bid/73309
- https://www.exploit-db.com/exploits/36441/