var-201704-1524
Vulnerability from variot

A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Citrix NetScaler Gateway is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: Citrix NetScaler Gateway 11.1 prior to 11.1 Build 52.13; Citrix NetScaler Gateway 11.0 prior to 11.0 Build 70.12; Citrix NetScaler Gateway 10.5 prior to 10.5 Build 65.11; Citrix NetScaler Gateway 10.1 prior to 10.1 Build 135.8; Citrix NetScaler Gateway 10.1 prior to 10.1 Build 135.12. Citrix NetScaler Gateway is a solution that provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. The patch reference in this record is Citrix article CTX222657 (https://support.citrix.com/article/CTX222657).



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1524",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 70.12"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 52.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 65.11"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.1 build 135.8/135.12"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.152.13"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.070.12"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.565.11"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1135.8"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1135.12"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "97626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7219"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:citrix:netscaler_gateway_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alain Mowat",
    "sources": [
      {
        "db": "BID",
        "id": "97626"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7219",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-7219",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-115422",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-7219",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7219",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7219",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-913",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115422",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-7219",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115422"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7219"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Citrix NetScaler Gateway is prone to a heap-based buffer-overflow vulnerability. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are affected:\nCitrix NetScaler Gateway 11.1 prior to 11.1 Build 52.13\nCitrix NetScaler Gateway 11.0 prior to 11.0 Build 70.12\nCitrix NetScaler Gateway 10.5 prior to 10.5 Build 65.11\nCitrix NetScaler Gateway 10.1 prior to 10.1 Build 135.8\nCitrix NetScaler Gateway 10.1 prior to 10.1 Build 135.12. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "db": "BID",
        "id": "97626"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115422"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7219"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7219",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "97626",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1038283",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-913",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-93072",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-115422",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7219",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115422"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7219"
      },
      {
        "db": "BID",
        "id": "97626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7219"
      }
    ]
  },
  "id": "VAR-201704-1524",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115422"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:12:27.699000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX222657",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/CTX222657"
      },
      {
        "title": "Citrix Security Bulletins: CVE-2017-7219 - Heap Overflow Vulnerability in Citrix NetScaler Gateway Could Result in Arbitrary Code Execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=af212df1e1bcdd960e33f0c7f7331b7a"
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/lnick2023/nicenice "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-7219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115422"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7219"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://support.citrix.com/article/ctx222657"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/97626"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1038283"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7219"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7219"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115422"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7219"
      },
      {
        "db": "BID",
        "id": "97626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7219"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115422"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7219"
      },
      {
        "db": "BID",
        "id": "97626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7219"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115422"
      },
      {
        "date": "2017-04-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7219"
      },
      {
        "date": "2017-04-12T00:00:00",
        "db": "BID",
        "id": "97626"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "date": "2017-03-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      },
      {
        "date": "2017-04-13T14:59:01.900000",
        "db": "NVD",
        "id": "CVE-2017-7219"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115422"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7219"
      },
      {
        "date": "2017-04-18T00:06:00",
        "db": "BID",
        "id": "97626"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      },
      {
        "date": "2024-11-21T03:31:23.933000",
        "db": "NVD",
        "id": "CVE-2017-7219"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Gateway Heap overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003203"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-913"
      }
    ],
    "trust": 0.6
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.