Details of VAR-201403-0149

ID

VAR-201403-0149

CVE

CVE-2013-6942

TITLE

Citrix NetScaler Application Delivery Controller Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2013-006145

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Citrix NetScaler is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible. are vulnerable. This solution is mainly used to optimize, secure and control the delivery of various enterprise services and cloud services

Trust: 1.98

sources: NVD: CVE-2013-6942 // JVNDB: JVNDB-2013-006145 // BID: 66018 // VULHUB: VHN-66944

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3\(1\)	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3.e	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.0	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.0-77.5	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	9.3.x	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1-118.7	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3-64.4	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	10.0	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	10.1	Trust: 0.8

sources: JVNDB: JVNDB-2013-006145 // CNNVD: CNNVD-201403-187 // NVD: CVE-2013-6942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6942
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6942
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201403-187
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66944
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6942
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66944
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66944 // JVNDB: JVNDB-2013-006145 // CNNVD: CNNVD-201403-187 // NVD: CVE-2013-6942

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-66944 // JVNDB: JVNDB-2013-006145 // NVD: CVE-2013-6942

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-187

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201403-187

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006145

PATCH

title:	CTX139049	url:	http://support.citrix.com/article/CTX139049	Trust: 0.8
title:	agee64-10.1-120.1316.e	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48619	Trust: 0.6
title:	AGEE64-bitPlugin-9.3-64.4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48617	Trust: 0.6
title:	agee64-10.0-77.5	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48618	Trust: 0.6

sources: JVNDB: JVNDB-2013-006145 // CNNVD: CNNVD-201403-187

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6942	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-006145	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-187	Trust: 0.7
db:	SECUNIA	id:	57279	Trust: 0.6
db:	BID	id:	66018	Trust: 0.4
db:	VULHUB	id:	VHN-66944	Trust: 0.1

sources: VULHUB: VHN-66944 // BID: 66018 // JVNDB: JVNDB-2013-006145 // CNNVD: CNNVD-201403-187 // NVD: CVE-2013-6942

REFERENCES

url:	http://support.citrix.com/article/ctx139049	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6942	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6942	Trust: 0.8
url:	http://secunia.com/advisories/57279	Trust: 0.6
url:	http://www.citrix.com/	Trust: 0.3

sources: VULHUB: VHN-66944 // BID: 66018 // JVNDB: JVNDB-2013-006145 // CNNVD: CNNVD-201403-187 // NVD: CVE-2013-6942

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66018

SOURCES

db:	VULHUB	id:	VHN-66944
db:	BID	id:	66018
db:	JVNDB	id:	JVNDB-2013-006145
db:	CNNVD	id:	CNNVD-201403-187
db:	NVD	id:	CVE-2013-6942

LAST UPDATE DATE

2024-11-23T21:45:20.892000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66944	date:	2014-03-11T00:00:00
db:	BID	id:	66018	date:	2014-03-07T00:44:00
db:	JVNDB	id:	JVNDB-2013-006145	date:	2014-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201403-187	date:	2014-03-12T00:00:00
db:	NVD	id:	CVE-2013-6942	date:	2024-11-21T02:00:01.383

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66944	date:	2014-03-11T00:00:00
db:	BID	id:	66018	date:	2014-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2013-006145	date:	2014-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201403-187	date:	2014-03-12T00:00:00
db:	NVD	id:	CVE-2013-6942	date:	2014-03-11T13:00:36.233