cnvd-2016-10530
Vulnerability from cnvd
Title
Citrix NetScaler ADC URL重定向漏洞
Description
Citrix NetScaler ADC是应用交付控制器,可以优化企业服务交付。 Citrix NetScaler ADC存在URL重定向漏洞。攻击者可以利用该漏洞,让用户在无察觉的情况下访问攻击者的恶意链接。
Severity
Patch Name
Citrix NetScaler ADC URL重定向漏洞的补丁
Patch Description
Citrix NetScaler ADC是应用交付控制器,可以优化企业服务交付。 Citrix NetScaler ADC存在URL重定向漏洞。攻击者可以利用该漏洞,让用户在无察觉的情况下访问攻击者的恶意链接。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: https://support.citrix.com/article/CTX218361

Reference
http://www.securityfocus.com/bid/93947/info
Impacted products
Name
['Citrix NetScaler ADC 10.5,<10.5 Build 61.11', 'Citrix NetScaler ADC 10.1,<10.1 Build 135.8', 'Citrix NetScaler ADC 11.0,<11.0 Build 65.31/65.35F']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "93947"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9028"
    }
  },
  "description": "Citrix NetScaler ADC\u662f\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff0c\u53ef\u4ee5\u4f18\u5316\u4f01\u4e1a\u670d\u52a1\u4ea4\u4ed8\u3002\r\n\r\nCitrix NetScaler ADC\u5b58\u5728URL\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\uff0c\u8ba9\u7528\u6237\u5728\u65e0\u5bdf\u89c9\u7684\u60c5\u51b5\u4e0b\u8bbf\u95ee\u653b\u51fb\u8005\u7684\u6076\u610f\u94fe\u63a5\u3002",
  "discovererName": "Bouke van Laethem of KPN.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.citrix.com/article/CTX218361",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10530",
  "openTime": "2016-11-02",
  "patchDescription": "Citrix NetScaler ADC\u662f\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff0c\u53ef\u4ee5\u4f18\u5316\u4f01\u4e1a\u670d\u52a1\u4ea4\u4ed8\u3002\r\n\r\nCitrix NetScaler ADC\u5b58\u5728URL\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\uff0c\u8ba9\u7528\u6237\u5728\u65e0\u5bdf\u89c9\u7684\u60c5\u51b5\u4e0b\u8bbf\u95ee\u653b\u51fb\u8005\u7684\u6076\u610f\u94fe\u63a5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix NetScaler ADC URL\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix NetScaler ADC 10.5\uff0c\u003c10.5 Build 61.11",
      "Citrix NetScaler ADC 10.1\uff0c\u003c10.1 Build 135.8",
      "Citrix NetScaler ADC 11.0\uff0c\u003c11.0 Build 65.31/65.35F"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93947/info",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-01",
  "title": "Citrix NetScaler ADC URL\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.