PT-2020-11932 · Citrix · Citrix Gateway+1

Micha Borrmann · Published 2020-03-06 · Updated 2024-08-04 · CVE-2020-10110

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Citrix Gateway versions 11.1 through 12.1

Description

The issue allows Information Exposure Through Caching. The Via header lists the protocols and recipients (proxies and caches) between the start and end points of a request or a response. The Age header gives the age of the cached response in seconds. Both headers are commonly used for proxy caching, and the information is not sensitive. Citrix disputes this as not a vulnerability, stating that there is no sensitive information disclosure through the cache headers on Citrix ADC.

Recommendations

For Citrix Gateway versions 11.1 through 12.1, as a temporary workaround, consider restricting access to the cache headers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
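
To review what the Via and Age headers described above expose on your own gateway, the following added example (not part of the advisory or of any Citrix tooling) parses both headers from a response header block. The function names and the sample host names are assumptions made for illustration, and the sample response is constructed.

```python
import re

# One Via element: [protocol-name "/"] version, received-by, optional (comment)
VIA_ELEMENT = re.compile(r'^(?:(?P<name>[^\s/]+)/)?(?P<version>\S+)\s+'
                         r'(?P<by>[^\s(]+)(?:\s+\((?P<comment>.*)\))?$')

def split_outside_comments(value):
    """Split a header value on commas that are not inside a (comment)."""
    parts, depth, current = [], 0, []
    for ch in value:
        if ch == '(':
            depth += 1
        elif ch == ')' and depth:
            depth -= 1
        if ch == ',' and depth == 0:
            parts.append(''.join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append(''.join(current).strip())
    return [p for p in parts if p]

def audit_cache_headers(raw_headers):
    """Return the hops named in Via and the Age in seconds (None if absent or invalid)."""
    hops, age = [], None
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(':')
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == 'via':                          # may occur on several lines
            for element in split_outside_comments(value):
                m = VIA_ELEMENT.match(element)
                if m:
                    hops.append({'protocol': m['name'] or 'HTTP', 'version': m['version'],
                                 'received_by': m['by'], 'comment': m['comment']})
        elif name == 'age' and re.fullmatch(r'[0-9]+', value):
            age = int(value)
    return {'via': hops, 'age_seconds': age}

# Constructed sample response headers (not captured from a real appliance).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Via: 1.1 cache-a.example.internal (constructed, sample), HTTP/1.1 edge.example\r\n"
    "Age: 42\r\n"
    "\r\n"
)
if __name__ == "__main__":
    print(audit_cache_headers(SAMPLE))
```
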

Related Identifiers

CVE-2020-10110

Affected Products

Citrix ADC
Citrix Gateway