Citrix Nfuse 1.51 - Webroot Disclosure

Author: sween
type: webapps
platform: asp
port: 
date_added: 2001-07-02  
date_updated: 2012-09-01  
verified: 1  
codes: CVE-2001-0760;OSVDB-1885  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 20987.txt  

source: https://www.securityfocus.com/bid/2956/info

Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver.

It has been reported that a remote attacker can learn the location of the webroot simply by submitting a request to the launcher application without specifying the additional required information. This has been reported to not be reliably replicable.

http://target/path/launch.asp?