cnvd-2016-01209
Vulnerability from cnvd

Title: Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway clickjacking vulnerability

Description:

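Citrix Systems NetScaler ADC is a service and application delivery solution; NetScaler Gateway is a secure remote access solution.

Citrix Systems NetScaler ADC and NetScaler Gateway contain a clickjacking vulnerability that allows an attacker to craft a malicious URI, lure a user into resolving it, and redirect the user to an arbitrary web site for phishing attacks.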

Severity:

Patch Name: Patch for the Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway clickjacking vulnerability

Patch Description:

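Citrix Systems NetScaler ADC is a service and application delivery solution; NetScaler Gateway is a secure remote access solution.

Citrix Systems NetScaler ADC and NetScaler Gateway contain a clickjacking vulnerability that allows an attacker to craft a malicious URI, lure a user into resolving it, and redirect the user to an arbitrary web site for phishing attacks. The vendor has since published a security advisory and related patch information that fix this vulnerability.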

Formal description:

The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://support.citrix.com/article/CTX206001

Reference: http://support.citrix.com/article/CTX206001

Impacted products
Name

  • Citrix NetScaler Application Delivery Controller (ADC)
  • Citrix NetScaler ADC 10.x
  • Citrix NetScaler Gateway 11.x(<11.0 Build 64.34)
  • Citrix NetScaler Gateway 10.5(<10.5 Build 59.13)
  • Citrix NetScaler Gateway 10.5.e(<Build 59.1305.e)
  • Citrix NetScaler Gateway 10.1


{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2072"
    }
  },
  "description": "Citrix Systems NetScaler ADC\u662f\u4e00\u5957\u670d\u52a1\u548c\u5e94\u7528\u4ea4\u4ed8\u89e3\u51b3\u65b9\u6848\uff1bNetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCitrix Systems NetScaler ADC\u548cNetScaler Gateway\u5b58\u5728\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u91cd\u5b9a\u5411\u7528\u6237\u5230\u4efb\u610fWEB\u7ad9\u70b9\u8fdb\u884c\u9493\u9c7c\u653b\u51fb\u3002",
  "discovererName": "Citrix",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://support.citrix.com/article/CTX206001",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01209",
  "openTime": "2016-02-23",
  "patchDescription": "Citrix Systems NetScaler ADC\u662f\u4e00\u5957\u670d\u52a1\u548c\u5e94\u7528\u4ea4\u4ed8\u89e3\u51b3\u65b9\u6848\uff1bNetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCitrix Systems NetScaler ADC\u548cNetScaler Gateway\u5b58\u5728\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u91cd\u5b9a\u5411\u7528\u6237\u5230\u4efb\u610fWEB\u7ad9\u70b9\u8fdb\u884c\u9493\u9c7c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix Systems NetScaler Application Delivery Controller\u548cNetScaler Gateway\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix NetScaler Application Delivery Controller (ADC)",
      "Citrix NetScaler ADC 10.x",
      "Citrix NetScaler Gateway 11.x(\u003c11.0 Build 64.34)",
      "Citrix NetScaler Gateway 10.5(\u003c10.5 Build 59.13)",
      "Citrix NetScaler Gateway 10.5.e(\u003cBuild 59.1305.e)",
      "Citrix NetScaler Gateway 10.1"
    ]
  },
  "referenceLink": "http://support.citrix.com/article/CTX206001",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-22",
  "title": "Citrix Systems NetScaler Application Delivery Controller\u548cNetScaler Gateway\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e"
}

