Virtualization provider Citrix Systems, Inc., this interface is an XML service issued an order to install patches for new products, XenApp and XenDesktop urges users. Was evaluated as serious security vulnerability.
Fort Lauderdale, Fla.-based Citrix fault remote attacker unauthenticated execution of arbitrary code in the service account is a vulnerable component, said could be exploited by sending a specially crafted packet, or application server XenApp XenDesktop product supplier virtualization desktop virtualization platform that supports.
XML Service with IIS and Microsoft share a port, or to use their own port yapılandırılabilir.İkinci case, the XML service conducted by the independent elements of ctxxmlss. Exe XML Service will be made. Only ctxxmlss.exe use of images is affected by this vulnerability.
Most versions of XenDesktop, except 5, vulnerable.
The failure is considered serious, the Citrix XML Service interface, an attacker could explode normally not open to the Internet, said he would be able to access it.
However, almost all customers of the supplier patches appear on their site, known as patches, Citrix recommends that you download.
No comments:
Post a Comment