CVE-2015-3642: Infoleak
First published: Wed Aug 02 2017(Updated: )
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Netscaler Firmware | =9.0 | |
| Citrix Netscaler Firmware | =9.1 | |
| Citrix Netscaler Firmware | =9.2 | |
| Citrix Netscaler Firmware | =10.0 | |
| Citrix Netscaler Firmware | =10.1 | |
| Citrix Netscaler Firmware | =10.1e | |
| Citrix Netscaler Firmware | =10.5 | |
| Citrix Netscaler Firmware | =10.5e | |
| Citrix NetScaler Application Delivery Controller | ||
| Citrix NetScaler Gateway |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/citrix
- canonical/citrix netscaler firmware
- version/citrix netscaler firmware/9.0
- version/citrix netscaler firmware/9.1
- version/citrix netscaler firmware/9.2
- version/citrix netscaler firmware/10.0
- version/citrix netscaler firmware/10.1
- version/citrix netscaler firmware/10.1e
- version/citrix netscaler firmware/10.5
- version/citrix netscaler firmware/10.5e
- canonical/citrix netscaler application delivery controller
- canonical/citrix netscaler gateway