CVE-2020-10112

Опубликовано: 06 мар. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 5.8

EPSS Низкий

Описание

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default

Ссылки

http://packetstormsecurity.com/files/156660/Citrix-Gateway-11.1-12.0-12.1-Cache-Poisoning.html
http://seclists.org/fulldisclosure/2020/Mar/8
Exploit
Mailing List
Third Party Advisory
https://support.citrix.com/search
Vendor Advisory
http://packetstormsecurity.com/files/156660/Citrix-Gateway-11.1-12.0-12.1-Cache-Poisoning.html
http://seclists.org/fulldisclosure/2020/Mar/8
Exploit
Mailing List
Third Party Advisory
https://support.citrix.com/search
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:citrix:gateway_firmware:11.1:*:*:*:*:*:*:*

cpe:2.3:o:citrix:gateway_firmware:12.0:*:*:*:*:*:*:*

cpe:2.3:o:citrix:gateway_firmware:12.1:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00501

Низкий

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-444

Связанные уязвимости

GHSA-cvxg-mfrc-h7wv