CVE-2015-3642: Infoleak
First published: Wed Aug 02 2017(Updated: )
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix NetScaler Firmware | =9.0 | |
| Citrix NetScaler Firmware | =9.1 | |
| Citrix NetScaler Firmware | =9.2 | |
| Citrix NetScaler Firmware | =10.0 | |
| Citrix NetScaler Firmware | =10.1 | |
| Citrix NetScaler Firmware | =10.1e | |
| Citrix NetScaler Firmware | =10.5 | |
| Citrix NetScaler Firmware | =10.5e | |
| NetScaler ADC | ||
| Citrix NetScaler Access Gateway |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-3642?
CVE-2015-3642 has been assigned a high severity rating due to its impact on the confidentiality and integrity of data processed by vulnerable Citrix devices.
How do I fix CVE-2015-3642?
To fix CVE-2015-3642, update your Citrix NetScaler devices to a patched firmware version as specified by Citrix.
Which versions are affected by CVE-2015-3642?
CVE-2015-3642 affects Citrix NetScaler ADC and Gateway devices running versions prior to 9.3 Build 68.5, 10.0 Build 78.6, 10.1 Build 130.13, and others listed in the CVE details.
What are the implications of CVE-2015-3642?
The implications of CVE-2015-3642 include the potential for unauthorized decryption of sensitive traffic and man-in-the-middle attacks.
Does CVE-2015-3642 affect all Citrix NetScaler versions?
No, CVE-2015-3642 does not affect Citrix NetScaler versions 9.0, 9.1, 9.2, 10.0, 10.1, 10.5, and their corresponding 'e' variants.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/citrix
- canonical/citrix netscaler firmware
- version/citrix netscaler firmware/9.0
- version/citrix netscaler firmware/9.1
- version/citrix netscaler firmware/9.2
- version/citrix netscaler firmware/10.0
- version/citrix netscaler firmware/10.1
- version/citrix netscaler firmware/10.1e
- version/citrix netscaler firmware/10.5
- version/citrix netscaler firmware/10.5e
- canonical/netscaler adc
- canonical/citrix netscaler access gateway