ID

VAR-201403-0151


CVE

CVE-2013-6944


TITLE

Cross-site scripting vulnerability in the AAA TM vServer of Citrix NetScaler Application Delivery Controller

Trust: 0.8

sources: JVNDB: JVNDB-2013-006147

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Citrix NetScaler Application Delivery Controller (ADC) is a service and application delivery solution (application delivery controller) from Citrix Systems. It is mainly used to optimize, secure and control the delivery of various enterprise services and cloud services. The following versions are affected: Citrix NetScaler ADC 9.3.x prior to 9.3-64.4, 10.0, 10.1.

Trust: 1.98

sources: NVD: CVE-2013-6944 // JVNDB: JVNDB-2013-006147 // BID: 66013 // VULHUB: VHN-66946

AFFECTED PRODUCTS

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.1

Trust: 1.9

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.0

Trust: 1.9

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 9.3(1)

Trust: 1.6

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 9.3.e

Trust: 1.6

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.0-77.5

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 9.3.x

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.1-118.7

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 9.3-64.4

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 10.0

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 10.1

Trust: 0.8

vendor: citrix, model: netscaler vpx, scope: eq, version: 9.3

Trust: 0.3

vendor: citrix, model: netscaler vpx, scope: eq, version: 10.0

Trust: 0.3

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 9.3

Trust: 0.3

vendor: citrix, model: netscaler 9.3.e, scope: -, version: -

Trust: 0.3

vendor: citrix, model: netscaler, scope: eq, version: 9.3

Trust: 0.3

vendor: citrix, model: netscaler, scope: eq, version: 10.1

Trust: 0.3

vendor: citrix, model: netscaler, scope: eq, version: 10.0

Trust: 0.3

vendor: citrix, model: netscaler application delivery controller, scope: ne, version: 9.3-64.4

Trust: 0.3

vendor: citrix, model: netscaler application delivery controller, scope: ne, version: 10.1-118.7

Trust: 0.3

vendor: citrix, model: netscaler application delivery controller, scope: ne, version: 10.0-77.5

Trust: 0.3

sources: BID: 66013 // JVNDB: JVNDB-2013-006147 // CNNVD: CNNVD-201403-189 // NVD: CVE-2013-6944

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6944
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6944
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201403-189
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66946
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6944
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66946
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66946 // JVNDB: JVNDB-2013-006147 // CNNVD: CNNVD-201403-189 // NVD: CVE-2013-6944

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-66946 // JVNDB: JVNDB-2013-006147 // NVD: CVE-2013-6944

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-189

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201403-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006147

PATCH

title: CTX139049, url: http://support.citrix.com/article/CTX139049

Trust: 0.8

title: agee64-10.1-120.1316.e, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48619

Trust: 0.6

title: AGEE64-bitPlugin-9.3-64.4, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48617

Trust: 0.6

title: agee64-10.0-77.5, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48618

Trust: 0.6

sources: JVNDB: JVNDB-2013-006147 // CNNVD: CNNVD-201403-189

EXTERNAL IDS

db: NVD, id: CVE-2013-6944

Trust: 2.8

db: JVNDB, id: JVNDB-2013-006147

Trust: 0.8

db: CNNVD, id: CNNVD-201403-189

Trust: 0.7

db: SECUNIA, id: 57279

Trust: 0.6

db: BID, id: 66013

Trust: 0.4

db: VULHUB, id: VHN-66946

Trust: 0.1

sources: VULHUB: VHN-66946 // BID: 66013 // JVNDB: JVNDB-2013-006147 // CNNVD: CNNVD-201403-189 // NVD: CVE-2013-6944

REFERENCES

url:http://support.citrix.com/article/ctx139049

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6944

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6944

Trust: 0.8

url:http://secunia.com/advisories/57279

Trust: 0.6

url:http://www.citrix.com/

Trust: 0.3

url:https://www.citrix.com/products/netscaler-application-delivery-controller/overview.html

Trust: 0.3

sources: VULHUB: VHN-66946 // BID: 66013 // JVNDB: JVNDB-2013-006147 // CNNVD: CNNVD-201403-189 // NVD: CVE-2013-6944

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66013

SOURCES

db: VULHUB, id: VHN-66946
db: BID, id: 66013
db: JVNDB, id: JVNDB-2013-006147
db: CNNVD, id: CNNVD-201403-189
db: NVD, id: CVE-2013-6944

LAST UPDATE DATE

2024-11-23T21:45:20.830000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-66946, date: 2014-03-11T00:00:00
db: BID, id: 66013, date: 2014-03-05T00:00:00
db: JVNDB, id: JVNDB-2013-006147, date: 2014-03-12T00:00:00
db: CNNVD, id: CNNVD-201403-189, date: 2014-03-12T00:00:00
db: NVD, id: CVE-2013-6944, date: 2024-11-21T02:00:01.753

SOURCES RELEASE DATE

db: VULHUB, id: VHN-66946, date: 2014-03-11T00:00:00
db: BID, id: 66013, date: 2014-03-05T00:00:00
db: JVNDB, id: JVNDB-2013-006147, date: 2014-03-12T00:00:00
db: CNNVD, id: CNNVD-201403-189, date: 2014-03-12T00:00:00
db: NVD, id: CVE-2013-6944, date: 2014-03-11T13:00:36.247