var-201602-0346
Vulnerability from variot

The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlA clickjacking attack may be performed by a third party. A remote attacker can exploit this vulnerability to implement clickjacking attacks

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0346",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.5e"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.x"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5.e build 59.1305.e"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 64.34"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.x"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 59.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5.e"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5.e build 59.1305.e"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5.e"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 64.34"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 59.13"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "citrix",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2072"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:citrix:netscaler_application_delivery_controller",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_application_delivery_controller_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:citrix:netscaler_access_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_gateway_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      }
    ]
  },
  "cve": "CVE-2016-2072",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-2072",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-90891",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-2072",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-2072",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-2072",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-321",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90891",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2072",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2072"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlA clickjacking attack may be performed by a third party. A remote attacker can exploit this vulnerability to implement clickjacking attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2072"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2072",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1035098",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-90891",
        "trust": 0.1
      },
      {
        "db": "BID",
        "id": "83183",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2072",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2072"
      }
    ]
  },
  "id": "VAR-201602-0346",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90891"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:01:34.071000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX206001",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/CTX206001"
      },
      {
        "title": "Citrix Systems NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60257"
      },
      {
        "title": "Citrix Security Bulletins: Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=35f27983a466a44995cc8bdefe90f69a"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2072"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://support.citrix.com/article/ctx206001"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1035098"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2072"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2072"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/254.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/83183"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2072"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2072"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90891"
      },
      {
        "date": "2016-02-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2072"
      },
      {
        "date": "2016-03-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "date": "2016-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      },
      {
        "date": "2016-02-17T15:59:05.750000",
        "db": "NVD",
        "id": "CVE-2016-2072"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90891"
      },
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2072"
      },
      {
        "date": "2016-03-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      },
      {
        "date": "2016-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      },
      {
        "date": "2024-11-21T02:47:45.027000",
        "db": "NVD",
        "id": "CVE-2016-2072"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Application Delivery Controller and  NetScaler Gateway Management  Web Vulnerabilities that could cause clickjacking attacks in the interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001703"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-321"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.