PT-2017-6687 · Citrix · Citrix Netscaler Gateway+1

Published: 2017-08-02 · Updated: 2017-08-09 · CVE-2015-3642

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices versions 9.x through 9.3 before Build 68.5
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices versions 10.0 through Build 78.6
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices versions 10.1 through Build 130.12
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices versions 10.1.e through Build 130.1301.e
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices versions 10.5 through Build 55.7
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices versions 10.5.e through Build 55.8006.e

Description

The TLS and DTLS processing functionality in the affected devices makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.

Recommendations

For versions 9.x through 9.3 before Build 68.5, update to Build 68.5 or later.
For versions 10.0 through Build 78.6, update to Build 78.7 or later.
For versions 10.1 through Build 130.12, update to Build 130.13 or later.
For versions 10.1.e through Build 130.1301.e, update to Build 130.1302.e or later.
For versions 10.5 through Build 55.7, update to Build 55.8 or later.
For versions 10.5.e through Build 55.8006.e, update to Build 55.8007.e or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-3642

Affected Products

Citrix Netscaler Application Delivery Controller
Citrix Netscaler Gateway