Vulnerability-Lookup

CVE-2016-6273 (GCVE-0-2016-6273)

Vulnerability from cvelistv5 – Published: 2016-10-07 14:00 – Updated: 2024-08-06 01:22

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

VAR-201610-0019

Vulnerability from variot - Updated: 2025-04-13 23:22

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode. Citrix License Server for Windows and License Server VPX are products of Citrix Systems. The former is a Windows-based authentication server, and the latter is an authentication server device. There are security vulnerabilities in versions of Citrix License Server for Windows prior to 11.14.0.1 and versions prior to License Server VPX 11.14.0.1. A remote attacker could exploit the vulnerability to cause a denial of service (server crash)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0019",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "license server vpx",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "citrix",
        "version": "11.14.0.1"
      },
      {
        "model": "license server vpx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.14.0.0"
      },
      {
        "model": "license server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.14.0.0"
      },
      {
        "model": "license server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "for windows 11.14.0.1"
      },
      {
        "model": "license server for windows",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "11.14.0.1"
      },
      {
        "model": "license server vpx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "11.14.0.0"
      },
      {
        "model": "license server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "11.14.0.0"
      },
      {
        "model": "license server vpx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.9"
      },
      {
        "model": "license server vpx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.6"
      },
      {
        "model": "license server vpx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.5"
      },
      {
        "model": "license server vpx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.13.1.2"
      },
      {
        "model": "license server vpx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.12"
      },
      {
        "model": "license server vpx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.11"
      },
      {
        "model": "license server vpx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.10"
      },
      {
        "model": "license server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.11.1"
      },
      {
        "model": "license server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.9"
      },
      {
        "model": "license server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.6"
      },
      {
        "model": "license server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.5"
      },
      {
        "model": "license server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.13.1.2"
      },
      {
        "model": "license server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.12"
      },
      {
        "model": "license server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.11"
      },
      {
        "model": "license server for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.10"
      },
      {
        "model": "license server vpx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.14.0.1"
      },
      {
        "model": "license server for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.14.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "license server",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "license server vpx",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "db": "BID",
        "id": "93450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6273"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:citrix:license_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:citrix:license_server_vpx",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jim Carreer and Nicholas Miles of Tenable Network Security.",
    "sources": [
      {
        "db": "BID",
        "id": "93450"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6273",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-6273",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-09525",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-6273",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-6273",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-6273",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-09525",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-152",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6273"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a \u002701 19\u0027 opcode. Citrix License Server for Windows and License Server VPX are products of Citrix Systems. The former is a Windows-based authentication server, and the latter is an authentication server device. There are security vulnerabilities in versions of Citrix License Server for Windows prior to 11.14.0.1 and versions prior to License Server VPX 11.14.0.1. A remote attacker could exploit the vulnerability to cause a denial of service (server crash)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "db": "BID",
        "id": "93450"
      },
      {
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6273",
        "trust": 3.5
      },
      {
        "db": "TENABLE",
        "id": "TRA-2016-29",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "93450",
        "trust": 1.3
      },
      {
        "db": "SECTRACK",
        "id": "1037008",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "F16D7B84-244A-4FB0-84FB-068E7CA78DF7",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "db": "BID",
        "id": "93450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6273"
      }
    ]
  },
  "id": "VAR-201610-0019",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      }
    ],
    "trust": 1.271001215
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:22:20.065000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "License Server - Version 11.14.0.1",
        "trust": 0.8,
        "url": "https://www.citrix.co.jp/downloads/licensing/license-server.html"
      },
      {
        "title": "CTX217430",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/CTX217430"
      },
      {
        "title": "[R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/research/tra-2016-29"
      },
      {
        "title": "Patch for Citrix License Server for Windows and License Server VPX Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/82643"
      },
      {
        "title": "Citrix License Server for Windows  and License Server VPX Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64557"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6273"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://support.citrix.com/article/ctx217430"
      },
      {
        "trust": 1.6,
        "url": "https://www.tenable.com/security/research/tra-2016-29"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1037008"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/93450"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6273"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6273"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "db": "BID",
        "id": "93450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6273"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "db": "BID",
        "id": "93450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6273"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-20T00:00:00",
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      },
      {
        "date": "2016-10-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "date": "2016-10-06T00:00:00",
        "db": "BID",
        "id": "93450"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      },
      {
        "date": "2016-10-07T14:59:05.020000",
        "db": "NVD",
        "id": "CVE-2016-6273"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "date": "2016-10-10T03:06:00",
        "db": "BID",
        "id": "93450"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005187"
      },
      {
        "date": "2016-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-6273"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix License Server for Windows and License Server VPX Denial of Service Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-09525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "IVD",
        "id": "f16d7b84-244a-4fb0-84fb-068e7ca78df7"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-152"
      }
    ],
    "trust": 0.8
  }
}

CERTFR-2016-AVI-332

Vulnerability from certfr_avis - Published: 2016-10-06 - Updated: 2016-10-06

Une vulnérabilité a été corrigée dans Citrix License Server. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Citrix License Server versions antérieures à 11.14.0.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

FKIE_CVE-2016-6273

Vulnerability from fkie_nvd - Published: 2016-10-07 14:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://support.citrix.com/article/CTX217430	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/93450
cve@mitre.org	http://www.securitytracker.com/id/1037008
cve@mitre.org	https://www.tenable.com/security/research/tra-2016-29
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX217430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93450
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037008
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2016-29

Impacted products

	Vendor	Product	Version
	citrix	license_server	*
	citrix	license_server_vpx	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:license_server:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "6271F416-8ECE-491E-830D-38623FE955F1",
              "versionEndIncluding": "11.14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:license_server_vpx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7B0A35-7A61-4C4A-B9D7-CF874BCC473E",
              "versionEndIncluding": "11.14.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a \u002701 19\u0027 opcode."
    },
    {
      "lang": "es",
      "value": "El componente lmadmin en Flexera FlexNet Publisher (tambi\u00e9n conocido como Flex License Manager) en versiones anteriores a 2015 SP5 y 2016 en versiones anteriores a R1 SP1, como se usa por Citrix License Server para Windows en versiones anteriores a 11.14.0.1 y Citrix License Server VPX en versiones anteriores a 11.14.0.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un paquete tipo 2F con un c\u00f3digo de operaci\u00f3n \u002701 19\u0027."
    }
  ],
  "id": "CVE-2016-6273",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-07T14:59:05.020",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX217430"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/93450"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037008"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.tenable.com/security/research/tra-2016-29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX217430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.tenable.com/security/research/tra-2016-29"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-09525

Vulnerability from cnvd - Published: 2016-10-20

Title

Citrix License Server for Windows和License Server VPX拒绝服务漏洞

Description

Citrix License Server for Windows和License Server VPX都是美国思杰系统（Citrix Systems）公司的产品。前者是一款基于Windows系统的认证服务器，后者是一款认证服务器设备。 ] Citrix License Server for Windows 11.14.0.1之前的版本和License Server VPX 11.14.0.1之前的版本中存在安全漏洞。远程攻击者可利用该漏洞造成拒绝服务（服务器崩溃）。

Severity

中

Patch Name

Citrix License Server for Windows和License Server VPX拒绝服务漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://www.tenable.com/security/research/tra-2016-29

Reference

https://www.tenable.com/security/research/tra-2016-29

Impacted products

Name
['Citrix License Server VPX <11.14.0.1', 'Citrix License Server for Windows <11.14.0.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6273"
    }
  },
  "description": "Citrix License Server for Windows\u548cLicense Server VPX\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u6b3e\u57fa\u4e8eWindows\u7cfb\u7edf\u7684\u8ba4\u8bc1\u670d\u52a1\u5668\uff0c\u540e\u8005\u662f\u4e00\u6b3e\u8ba4\u8bc1\u670d\u52a1\u5668\u8bbe\u5907\u3002\r\n]\r\nCitrix License Server for Windows 11.14.0.1\u4e4b\u524d\u7684\u7248\u672c\u548cLicense Server VPX 11.14.0.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u670d\u52a1\u5668\u5d29\u6e83\uff09\u3002",
  "discovererName": "Citrix",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.tenable.com/security/research/tra-2016-29",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-09525",
  "openTime": "2016-10-20",
  "patchDescription": "Citrix License Server for Windows\u548cLicense Server VPX\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u6b3e\u57fa\u4e8eWindows\u7cfb\u7edf\u7684\u8ba4\u8bc1\u670d\u52a1\u5668\uff0c\u540e\u8005\u662f\u4e00\u6b3e\u8ba4\u8bc1\u670d\u52a1\u5668\u8bbe\u5907\u3002\r\n]\r\nCitrix License Server for Windows 11.14.0.1\u4e4b\u524d\u7684\u7248\u672c\u548cLicense Server VPX 11.14.0.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u670d\u52a1\u5668\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix License Server for Windows\u548cLicense Server VPX\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix License Server VPX \u003c11.14.0.1",
      "Citrix License Server for Windows \u003c11.14.0.1"
    ]
  },
  "referenceLink": "https://www.tenable.com/security/research/tra-2016-29",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-13",
  "title": "Citrix License Server for Windows\u548cLicense Server VPX\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GSD-2016-6273

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6273

Aliases

CVE-2016-6273

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6273",
    "description": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a \u002701 19\u0027 opcode.",
    "id": "GSD-2016-6273"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6273"
      ],
      "details": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a \u002701 19\u0027 opcode.",
      "id": "GSD-2016-6273",
      "modified": "2023-12-13T01:21:23.792842Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-6273",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a \u002701 19\u0027 opcode."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.tenable.com/security/research/tra-2016-29",
            "refsource": "MISC",
            "url": "https://www.tenable.com/security/research/tra-2016-29"
          },
          {
            "name": "1037008",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037008"
          },
          {
            "name": "http://support.citrix.com/article/CTX217430",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX217430"
          },
          {
            "name": "93450",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93450"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:license_server_vpx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:license_server:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.14.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6273"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a \u002701 19\u0027 opcode."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.citrix.com/article/CTX217430",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.citrix.com/article/CTX217430"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2016-29",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.tenable.com/security/research/tra-2016-29"
            },
            {
              "name": "93450",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93450"
            },
            {
              "name": "1037008",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037008"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-29T01:34Z",
      "publishedDate": "2016-10-07T14:59Z"
    }
  }
}

GHSA-WJGV-7P74-C9QX

Vulnerability from github – Published: 2022-05-17 02:23 – Updated: 2022-05-17 02:23

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6273"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-07T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a \u002701 19\u0027 opcode.",
  "id": "GHSA-wjgv-7p74-c9qx",
  "modified": "2022-05-17T02:23:04Z",
  "published": "2022-05-17T02:23:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6273"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2016-29"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX217430"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93450"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6273 (GCVE-0-2016-6273)

VAR-201610-0019

CERTFR-2016-AVI-332

Solution

FKIE_CVE-2016-6273

CNVD-2016-09525

GSD-2016-6273

GHSA-WJGV-7P74-C9QX

Tags

Sightings

Nomenclature