PT-2015-7696 · Citrix · Citrix Netscaler Application Delivery Controller+2
Publicado
2015-11-17
·
Atualizado
2016-12-07
·
CVE-2015-7996
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions prior to 10.1 Build 133.9
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 prior to Build 58.11
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5.e prior to Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices
Description
The issue allows attackers to obtain credentials via the browser cache, specifically through the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway.
Recommendations
For versions prior to 10.1 Build 133.9, update to Build 133.9 or later.
For versions 10.5 prior to Build 58.11, update to Build 58.11 or later.
For versions 10.5.e prior to Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices, update to Build 56.1505.e or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Citrix Netscaler Application Delivery Controller
Netscaler Gateway
Netscaler Service Delivery Appliance Service Vm