All the vulnerabilities related to Citrix - NetScaler ADC
var-201712-0309
Vulnerability from variot

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side-channel information via discrepancies in how they handle valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". The oracle arises in the RSA key-exchange step of the TLS handshake (RFC 5246, section 7.4.7.1), so exposure depends on RSA-encryption cipher suites being enabled on the affected builds. Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway contain an information disclosure vulnerability; information may be obtained. Multiple Citrix products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks. Security vulnerabilities exist in Citrix NetScaler ADC and NetScaler Gateway. A remote attacker can exploit this vulnerability to decrypt TLS-encrypted data.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0309",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "erlang",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "legion of the bouncy castle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "matrixssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "micro focus",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wolfssl",
        "version": null
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 71.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 67.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 build 53.22"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 56.19"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 67.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 71.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 56.19"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 build 53.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.22"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.156.19"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.071.22"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.567.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.22"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.156.19"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.071.22"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.567.13"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_application_delivery_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_gateway_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hanno B\u00f6ck (hanno@hboeck.de), Juraj Somorovsky (juraj.somorovsky@rub.de) of Ruhr-Universit\u00e4t Bochum / Hackmanit GmbH and Craig Young (vuln report@secur3.us) of Tripwire VERT.",
    "sources": [
      {
        "db": "BID",
        "id": "102173"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-17382",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-17382",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-108399",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2017-17382",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-17382",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-17382",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-498",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108399",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a \"ROBOT attack\". Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Contains an information disclosure vulnerability.Information may be obtained. Multiple Citrix Products are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks. Security vulnerabilities exist in Citrix NetScaler ADC and NetScaler Gateway. A remote attacker can exploit this vulnerability to decrypt TLS-encrypted data",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#144389",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "102173",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1039985",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92438713",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1514",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "id": "VAR-201712-0309",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:19:29.822000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX230238",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/CTX230238"
      },
      {
        "title": "Citrix NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=77140"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://support.citrix.com/article/ctx230238"
      },
      {
        "trust": 2.8,
        "url": "https://www.kb.cert.org/vuls/id/144389"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/102173"
      },
      {
        "trust": 1.7,
        "url": "https://robotattack.org/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039985"
      },
      {
        "trust": 0.8,
        "url": "https://robotattack.org"
      },
      {
        "trust": 0.8,
        "url": "https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://www.cert.org/historical/advisories/ca-1998-07.cfm"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc5246#section-7.4.7.1"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
      },
      {
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k21905460"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md"
      },
      {
        "trust": 0.8,
        "url": "https://support.microfocus.com/kb/doc.php?id=7022561"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/wolfssl/wolfssl/pull/1229"
      },
      {
        "trust": 0.8,
        "url": "https://community.rsa.com/docs/doc-85268"
      },
      {
        "trust": 0.8,
        "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17382"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu92438713/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17382"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1514"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "BID",
        "id": "102173"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      },
      {
        "date": "2017-12-13T16:29:00.253000",
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "date": "2017-12-19T22:38:00",
        "db": "BID",
        "id": "102173"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "date": "2023-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      },
      {
        "date": "2024-11-21T03:17:52.007000",
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ],
    "trust": 0.6
  }
}

var-201610-0678
Vulnerability from variot

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of the Host header. Citrix NetScaler ADC contains an unauthorized redirect vulnerability. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. The vulnerability affects the following versions of Citrix NetScaler ADC: 11.0 builds prior to 11.0 Build 65.31/65.35F are vulnerable. 10.5 builds prior to 10.5 Build 61.11 are vulnerable. 10.1 builds prior to 10.1 Build 135.8 are vulnerable. Citrix NetScaler ADC (Application Delivery Controller) is a controller from Citrix Systems that provides application delivery control and load balancing functions.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0678",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1 135.8"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 61.11"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 65.31/65.35f"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 47.14"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.064.34"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.559.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.558.11"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler adc build 65.35f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.065.31"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.561.11"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1135.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9028"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_application_delivery_controller_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bouke van Laethem of KPN.",
    "sources": [
      {
        "db": "BID",
        "id": "93947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-9028",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-9028",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-97848",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-9028",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-9028",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-9028",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-826",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97848",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9028"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of the Host header. Citrix NetScaler ADC contains an unauthorized redirect vulnerability. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features (security function). \nAn attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. \nThe vulnerability affects the following versions of Citrix NetScaler ADC:\nVersion 11.0 builds prior to 11.0 Build 65.31/65.35F are vulnerable. \nVersion 10.5 builds prior to 10.5 Build 61.11 are vulnerable. \nVersion 10.1 builds prior to 10.1 Build 135.8 are vulnerable. Citrix NetScaler ADC (Application Delivery Controller) is a controller from Citrix Systems that provides application delivery control and load balancing functions.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "db": "BID",
        "id": "93947"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97848"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9028",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93947",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1037175",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-97848",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97848"
      },
      {
        "db": "BID",
        "id": "93947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9028"
      }
    ]
  },
  "id": "VAR-201610-0678",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97848"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:12:34.378000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX218361",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/CTX218361"
      },
      {
        "title": "Citrix NetScaler ADC Fixes for unauthorized redirection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65155"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9028"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx218361"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/93947"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037175"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9028"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9028"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97848"
      },
      {
        "db": "BID",
        "id": "93947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9028"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-97848"
      },
      {
        "db": "BID",
        "id": "93947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9028"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97848"
      },
      {
        "date": "2016-10-25T00:00:00",
        "db": "BID",
        "id": "93947"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "date": "2016-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      },
      {
        "date": "2016-10-28T15:59:20.313000",
        "db": "NVD",
        "id": "CVE-2016-9028"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97848"
      },
      {
        "date": "2016-11-24T09:05:00",
        "db": "BID",
        "id": "93947"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      },
      {
        "date": "2016-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      },
      {
        "date": "2024-11-21T03:00:28.297000",
        "db": "NVD",
        "id": "CVE-2016-9028"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler ADC Forbidden redirect vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005678"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-826"
      }
    ],
    "trust": 0.6
  }
}

var-201709-0611
Vulnerability from variot

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. Citrix NetScaler ADC and NetScaler Gateway are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. The following products are affected: Citrix NetScaler ADC and NetScaler Gateway version 12.0 prior to build 53.13; version 11.1 prior to build 55.13; version 11.0 prior to build 70.16; version 10.5 prior to build 66.9; version 10.5e prior to build 60.7010.e; and version 10.1 prior to build 135.18. The following products and versions are affected: Citrix NetScaler Gateway Release 12.0, Release 11.1, Release 11.0, Release 10.5e, Release 10.5, Release 10.1; NetScaler ADC Release 12.0, Release 11.1, Release 11.0, Release 10.5e, Release 10.5, Release 10.1.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0611",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5e"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5e"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 55.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 70.16"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5e build 60.7010.e"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 66.9"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 70.16"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5e build 60.7010.e"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 66.9"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 (build 41.24 except for )"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5e"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 (build 41.24 except for )"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5e"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 build 53.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1 build 135.18"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 build 53.13"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1 build 135.18"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 55.13"
      },
      {
        "model": "netscaler gateway 10.5e",
        "scope": null,
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler adc 10.5e",
        "scope": null,
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.13"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.155.13"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.070.16"
      },
      {
        "model": "netscaler gateway 10.5e build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "60.7010."
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.566.9"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1135.8"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.155.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.070.16"
      },
      {
        "model": "netscaler adc 10.5e build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "60.7010."
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.566.9"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1135.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "100980"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14602"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_application_delivery_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_gateway_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Frank Gifford of NCC Group",
    "sources": [
      {
        "db": "BID",
        "id": "100980"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-14602",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-14602",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-105341",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2017-14602",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-14602",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-14602",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-879",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105341",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14602"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. Citrix NetScaler ADC and NetScaler Gateway are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. \nThe following products are affected:\nCitrix NetScaler ADC and NetScaler Gateway version 12.0 prior to build 53.13\nCitrix NetScaler ADC and NetScaler Gateway version 11.1 prior to build 55.13\nCitrix NetScaler ADC and NetScaler Gateway version 11.0 prior to build 70.16\nCitrix NetScaler ADC and NetScaler Gateway version 10.5 prior to build 66.9\nCitrix NetScaler ADC and NetScaler Gateway version 10.5e prior to build 60.7010.e\nCitrix NetScaler ADC and NetScaler Gateway version 10.1 prior to build 135.18. The following products and versions are affected: Citrix NetScaler Gateway Release 12.0, Release 11.1, Release 11.0, Release 10.5e, Release 10.5, Release 10.1; NetScaler ADC Release 12.0, Release 11.1, Release 11.0, Release 10.5e, Release 10.5, Release 10.1",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14602"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "db": "BID",
        "id": "100980"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105341"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14602",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "100980",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1511",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105341",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105341"
      },
      {
        "db": "BID",
        "id": "100980"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14602"
      }
    ]
  },
  "id": "VAR-201709-0611",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105341"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:40:29.150000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX227928",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/CTX227928"
      },
      {
        "title": "Citrix Systems NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=74981"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14602"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx227928"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/100980"
      },
      {
        "trust": 1.7,
        "url": "https://support.citrix.com/article/ctx228091"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14602"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14602"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1511"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105341"
      },
      {
        "db": "BID",
        "id": "100980"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14602"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-105341"
      },
      {
        "db": "BID",
        "id": "100980"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14602"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105341"
      },
      {
        "date": "2017-09-25T00:00:00",
        "db": "BID",
        "id": "100980"
      },
      {
        "date": "2017-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      },
      {
        "date": "2017-09-26T14:29:00.487000",
        "db": "NVD",
        "id": "CVE-2017-14602"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105341"
      },
      {
        "date": "2017-09-25T00:00:00",
        "db": "BID",
        "id": "100980"
      },
      {
        "date": "2017-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      },
      {
        "date": "2023-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      },
      {
        "date": "2024-11-21T03:13:11.013000",
        "db": "NVD",
        "id": "CVE-2017-14602"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Application Delivery Controller and  NetScaler Gateway Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008632"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-879"
      }
    ],
    "trust": 0.6
  }
}

var-201712-0855
Vulnerability from variot

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway contain an information disclosure vulnerability. Information may be obtained. Multiple Citrix products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Security vulnerabilities exist in Citrix NetScaler ADC and NetScaler Gateway. The following products and versions are affected: Citrix NetScaler Application Delivery Controller 10.5 prior to 10.5 build 67.13, 11.0 prior to 11.0 build 71.22, 11.1 prior to 11.1 build 56.19, 12.0 prior to 12.0 build 53.22; NetScaler Gateway 10.5 prior to 10.5 build 67.13, 11.0 prior to 11.0 build 71.22, 11.1 prior to 11.1 build 56.19, 12.0 prior to 12.0 build 53.22.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0855",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 71.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 67.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 build 53.22"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 56.19"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 67.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 71.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 56.19"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 build 53.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.13"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.041.24"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.155.13"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.152.13"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.151.21"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.070.16"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.070.12"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.069.123"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.069.12"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.066.11"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.065.31"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.064.34"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.566.9"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.565.11"
      },
      {
        "model": "netscaler gateway build 60.7010.e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.559.13"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.558.11"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.556.15"
      },
      {
        "model": "netscaler gateway build 55.8007.e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.555.8"
      },
      {
        "model": "netscaler gateway build 54.9009.e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.041.24"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.155.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.147.14"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.070.16"
      },
      {
        "model": "netscaler adc build 65.35f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.065.31"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.064.34"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.566.9"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.561.11"
      },
      {
        "model": "netscaler adc build 60.7010.e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.559.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.558.11"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.22"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.156.19"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.071.22"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.567.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.22"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.156.19"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.071.22"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.567.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17549"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_application_delivery_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_gateway_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM Security Team.",
    "sources": [
      {
        "db": "BID",
        "id": "102177"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-17549",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-17549",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-108582",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2017-17549",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-17549",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-17549",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-450",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108582",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108582"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17549"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway contain an information disclosure vulnerability. Information may be obtained. Multiple Citrix Products are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Security vulnerabilities exist in Citrix NetScaler ADC and NetScaler Gateway. The following products and versions are affected: Citrix NetScaler Application Delivery Controller 10.5 prior to 10.5 build 67.13, 11.0 prior to 11.0 build 71.22, 11.1 prior to 11.1 build 56.19, 12.0 prior to 12.0 build 53.22; NetScaler Gateway 10.5 prior to 10.5 build 67.13, 11.0 prior to 11.0 build 71.22, 11.1 prior to 11.1 build 56.19, 12.0 prior to 12.0 build 53.22",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17549"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "db": "BID",
        "id": "102177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108582"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17549",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "102177",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1040011",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-108582",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108582"
      },
      {
        "db": "BID",
        "id": "102177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17549"
      }
    ]
  },
  "id": "VAR-201712-0855",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108582"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:59:08.091000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX230612",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/CTX230612"
      },
      {
        "title": "Citrix Systems NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77133"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108582"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17549"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx230612"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/102177"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1040011"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17549"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17549"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108582"
      },
      {
        "db": "BID",
        "id": "102177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17549"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-108582"
      },
      {
        "db": "BID",
        "id": "102177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17549"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108582"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "BID",
        "id": "102177"
      },
      {
        "date": "2018-01-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      },
      {
        "date": "2017-12-13T16:29:00.393000",
        "db": "NVD",
        "id": "CVE-2017-17549"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108582"
      },
      {
        "date": "2017-12-19T22:38:00",
        "db": "BID",
        "id": "102177"
      },
      {
        "date": "2018-01-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      },
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      },
      {
        "date": "2024-11-21T03:18:08.443000",
        "db": "NVD",
        "id": "CVE-2017-17549"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Application Delivery Controller and NetScaler Gateway Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011644"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-450"
      }
    ],
    "trust": 0.6
  }
}

cve-2023-3466
Vulnerability from cvelistv5
Published
2023-07-19 18:21
Modified
2024-10-21 21:09
Summary
Reflected Cross-Site Scripting (XSS)
Impacted products
Vendor Product Version
Citrix NetScaler Gateway Version: 13.1
Version: 13.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3466",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T21:06:40.290853Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T21:09:28.424Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC\u202f",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.159",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-FIPS ",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eReflected Cross-Site Scripting (XSS)\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Reflected Cross-Site Scripting (XSS)\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-19T18:21:05.262Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-3466",
    "datePublished": "2023-07-19T18:21:05.262Z",
    "dateReserved": "2023-06-29T21:03:53.903Z",
    "dateUpdated": "2024-10-21T21:09:28.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-4966
Vulnerability from cvelistv5
Published
2023-10-10 13:12
Modified
2024-08-02 07:44
Severity ?
Summary
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Impacted products
Vendor Product Version
Citrix NetScaler Gateway Version: 14.1
Version: 13.1
Version: 13.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX579459"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC\u202f",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "8.50",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "49.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.164",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.300",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.300",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "8.50",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "49.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T12:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cp\u003e\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eSensitive information disclosure\u0026nbsp;\u003c/span\u003e\u003c/b\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ein NetScaler ADC and NetScaler Gateway when configured as a\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eGateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eor\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eAAA \u202fvirtual\u202fserver.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e"
            }
          ],
          "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver.\u00a0\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T13:12:29.552Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX579459"
        },
        {
          "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated sensitive information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-4966",
    "datePublished": "2023-10-10T13:12:17.644Z",
    "dateReserved": "2023-09-14T15:51:21.569Z",
    "dateUpdated": "2024-08-02T07:44:53.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3519
Vulnerability from cvelistv5
Published
2023-07-19 17:51
Modified
2024-08-02 06:55
Severity ?
Summary
Unauthenticated remote code execution
Impacted products
Vendor Product Version
Citrix NetScaler Gateway Version: 13.1
Version: 13.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC\u202f",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.159",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated remote code execution\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Unauthenticated remote code execution\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-19T17:51:39.739Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
        },
        {
          "url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-3519",
    "datePublished": "2023-07-19T17:51:39.739Z",
    "dateReserved": "2023-07-05T22:22:26.251Z",
    "dateUpdated": "2024-08-02T06:55:03.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3467
Vulnerability from cvelistv5
Published
2023-07-19 18:35
Modified
2024-10-24 17:43
Summary
Privilege Escalation to root administrator (nsroot)
Impacted products
Vendor Product Version
Citrix NetScaler Gateway Version: 13.1
Version: 13.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3467",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T17:43:30.373172Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T17:43:49.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC\u202f",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.159",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePrivilege Escalation to root administrator (nsroot)\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Privilege Escalation to root administrator (nsroot)\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-19T18:35:56.843Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-3467",
    "datePublished": "2023-07-19T18:35:56.843Z",
    "dateReserved": "2023-06-29T21:04:13.952Z",
    "dateUpdated": "2024-10-24T17:43:49.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}