CVE-2020-10111

Опубликовано: 06 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization

Ссылки

http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html
http://seclists.org/fulldisclosure/2020/Mar/11
Exploit
Mailing List
Third Party Advisory
https://support.citrix.com/search
Vendor Advisory
http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html
http://seclists.org/fulldisclosure/2020/Mar/11
Exploit
Mailing List
Third Party Advisory
https://support.citrix.com/search
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:citrix:gateway_firmware:11.1:*:*:*:*:*:*:*

cpe:2.3:o:citrix:gateway_firmware:12.0:*:*:*:*:*:*:*

cpe:2.3:o:citrix:gateway_firmware:12.1:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00501

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-444

Связанные уязвимости

GHSA-c238-w6xv-cj4m