Denial of service in Citrix License Server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-6273 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Citrix License Server Server applications / Application servers |
| Vendor | Citrix |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Denial of service
EUVDB-ID: #VU973
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6273
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness occurs in Citrix Licence Server and exists due to access control error that allow attackers to trigger the affected server to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update to version 11.14.0.1 or later.
https://www.citrix.com/downloads/licensing/license-server/license-server-version-111401-for-windows.html#ctx-dl-eula
Citrix License Server: 11.5 - 11.13.1
External linkshttp://support.citrix.com/article/CTX217430
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
