Citrix NFuse launch.* cross-site scripting (HTTP_Nfuse_Script)

About this signature or vulnerability

RealSecure Desktop, Proventia Server IPS for Linux technology, Proventia Network IPS, RealSecure Desktop Protector 3.6, IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, RealSecure Network, BlackICE Agent for Server, BlackICE Server Protection, BlackICE PC Protection, Virtual Server Protection for VMware, IBM Security Host Protection for Servers (Unix):

This signature checks for, and the event triggers upon detecting, a specially crafted URL containing 'launch.asp' or 'launch.jsp'.


Default risk level

High

Sensors that have this signature

RealSecure Desktop: baseline, Proventia Server IPS for Linux technology: 1.0, Proventia Network IPS: 2.0, RealSecure Desktop Protector 3.6: baseline, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia-G 1.1 and earlier: XPU 22.11, Proventia Network MFS: XPU 1.9, Proventia Network IDS: XPU 22.11, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, RealSecure Server Sensor: XPU 22.11, RealSecure Network: XPU 22.11, BlackICE Agent for Server: 3.6eof, BlackICE Server Protection: 3.6.cpa, BlackICE PC Protection: 3.6cpa, Virtual Server Protection for VMware: 1.0, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Citrix NFuse: 1.51, Citrix NFuse: 1.6

Type

Protocol Signature

Vulnerability description

An HTTP request containing embedded <script> tags has been detected, which may indicate a cross-site scripting attempt against a Web server or Web application.
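
The check described above can be reproduced over web server logs. The following is an added example, not the vendor's signature logic: it flags request targets whose path is launch.asp or launch.jsp and whose query string, after percent-decoding, contains an opening <script tag. The sample paths, the parameter name "arg" and the decode-round limit are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Path component named in this entry: launch.asp or launch.jsp (any case).
LAUNCH_PATH = re.compile(r"/launch\.(?:asp|jsp)(?:/|$)", re.IGNORECASE)
# Opening script tag, tolerant of case and of whitespace after '<'.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding


def decode_fully(value, rounds=MAX_DECODE_ROUNDS):
    """Percent-decode until stable so double-encoded input (%253C) is seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_nfuse_script_request(request_target):
    """True if the target is launch.asp/.jsp and its query carries <script."""
    parts = urlsplit(request_target)
    if not LAUNCH_PATH.search(decode_fully(parts.path)):
        return False
    return bool(SCRIPT_TAG.search(decode_fully(parts.query)))


def flagged(request_targets):
    """Return the subset of request targets that match the check."""
    return [t for t in request_targets if is_nfuse_script_request(t)]


# Constructed sample request targets (not taken from any real log).
SAMPLE_REQUESTS = [
    "/portal/launch.asp?arg=%3Cscript%3Ealert(1)%3C/script%3E",  # encoded tag
    "/portal/LAUNCH.JSP?arg=%253CScRiPt%253Ex",  # double-encoded, mixed case
    "/portal/launch.asp?arg=app1",               # normal launch request
    "/portal/login.asp?arg=%3Cscript%3E",        # script tag, different page
]

if __name__ == "__main__":
    for target in flagged(SAMPLE_REQUESTS):
        print("match:", target)
```

Because the signature is informational, a match from this check is best treated as a lead to correlate with the NFuse version in use rather than as proof of compromise.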

How to remove this vulnerability

This check is for informational purposes only.

Ensure that your personal firewall, operating system, and applications are up-to-date in order to minimize the threat of a system compromise.

References

BugTraq Mailing List, Wed Mar 27 2002 - 05:44:43 CST
NFuse Cross Site Scripting vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html

ISS X-Force
Citrix NFuse launch.* cross-site scripting
http://www.iss.net/security_center/static/8659.php

CVE
CVE-2002-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504