Описание
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.1 (включая)
Одновременно
Одно из
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*
cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00476
Низкий
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-254
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
EPSS
Процентиль: 64%
0.00476
Низкий
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-254