Citrix Web interface - Source code disclosure?
From: Phani <pklanka () gmail com>
Date: Thu, 18 Mar 2010 18:38:45 +0530
This is with regard to the methodology that Citrix Web interface 4.5.1
contain ASP.NET code. These files are referenced (using include functions)
in the Citrix ASPX files for the parsing of ASP.NET content within the JS
within the ASPX page in the browser between script tags. (The process is more
or less like the parsing of the include files header.inc and footer.inc present in
the include folder).
The vulnerability lies wherein remote users can access
directly in the browser. Such files appear in the Content-Type: Text/HTML
and disclose the ASP.NET code in the files. The examples of location of such
files are below:
My question here is if the ASP.NET source code (server side script) is
presented to the web browser, are we looking at a source code disclosure
vulnerability in the Web Interface 4.5.1?
What would be the remediation steps in this case? Block the access to
And just wanted to ask if anyone here knows of any vendor patch for this issue?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/