PT-2015-7696 · Citrix · Citrix Netscaler Application Delivery Controller+2
Published
2015-11-17
·
Updated
2016-12-07
·
CVE-2015-7996
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions prior to 10.1 Build 133.9
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 prior to Build 58.11
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5.e prior to Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices
Description
The issue allows attackers to obtain credentials via the browser cache, specifically through the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway.
Recommendations
For versions prior to 10.1 Build 133.9, update to Build 133.9 or later.
For versions 10.5 prior to Build 58.11, update to Build 58.11 or later.
For versions 10.5.e prior to Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices, update to Build 56.1505.e or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Citrix Netscaler Application Delivery Controller
Netscaler Gateway
Netscaler Service Delivery Appliance Service Vm