Citrix NFuse Network Information Disclosure Vulnerability

Citrix NFuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver.

An issue has been reported in NFuse which could allow a remote user to reveal network structure information of a host.

Reportedly, submitting a request while specifying the 'NFUSE_USER' and 'NFUSE_PASSWORD' parameters with arbitrary information, could reveal network structure information including server and domain names.

If this issue is successfully exploited, an attacker may use this information to assist in further attacks against the host.


Privacy Statement
Copyright 2010, SecurityFocus