CVE-2016-6877

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page.  NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
citrixxenmobile_server
𝑥
≤ 10.3.6.310
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98341
https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/
http://www.securityfocus.com/bid/98341
https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/