ID

VAR-201405-0321


CVE

CVE-2014-1899


TITLE

Citrix NetScaler Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-002360

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Citrix NetScaler Gateway 10.x prior to 10.1.123.9 and 9.x prior to 9.3.66.5 are vulnerable. Citrix NetScaler Gateway is a solution that provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location.

Trust: 1.98

sources: NVD: CVE-2014-1899 // JVNDB: JVNDB-2014-002360 // BID: 67177 // VULHUB: VHN-69838

AFFECTED PRODUCTS

vendor: citrix, model: netscaler access gateway, scope: eq, version: 10.0

Trust: 1.6

vendor: citrix, model: netscaler access gateway, scope: eq, version: 9.3.61.5

Trust: 1.6

vendor: citrix, model: netscaler access gateway, scope: eq, version: 10.1

Trust: 1.6

vendor: citrix, model: netscaler access gateway, scope: eq, version: 9.3

Trust: 1.6

vendor: citrix, model: netscaler access gateway, scope: eq, version: 10.0.74.4

Trust: 1.6

vendor: citrix, model: netscaler access gateway, scope: eq, version: 9.3.62.4

Trust: 1.6

vendor: citrix, model: netscaler access gateway, scope: eq, version: -

Trust: 1.0

vendor: citrix, model: netscaler gateway, scope: lt, version: 9.x

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 10.1.123.9

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: lt, version: 10.x

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: -, version: -

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 9.3.66.5

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 9

Trust: 0.3

vendor: citrix, model: netscaler gateway, scope: eq, version: 10

Trust: 0.3

vendor: citrix, model: netscaler gateway, scope: ne, version: 9.3.66.5

Trust: 0.3

vendor: citrix, model: netscaler gateway, scope: ne, version: 10.1.123.9

Trust: 0.3

sources: BID: 67177 // JVNDB: JVNDB-2014-002360 // CNNVD: CNNVD-201405-040 // NVD: CVE-2014-1899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1899
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1899
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-040
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69838
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1899
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69838
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69838 // JVNDB: JVNDB-2014-002360 // CNNVD: CNNVD-201405-040 // NVD: CVE-2014-1899

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-69838 // JVNDB: JVNDB-2014-002360 // NVD: CVE-2014-1899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-040

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201405-040

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002360

PATCH

title: CTX140291, url: https://support.citrix.com/article/CTX140291

Trust: 0.8

title: agee-9.3-66.5, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49710

Trust: 0.6

title: agee-10.1.123.9, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49711

Trust: 0.6

sources: JVNDB: JVNDB-2014-002360 // CNNVD: CNNVD-201405-040

EXTERNAL IDS

db: NVD, id: CVE-2014-1899

Trust: 2.8

db: BID, id: 67177

Trust: 1.4

db: SECTRACK, id: 1030186

Trust: 1.1

db: JVNDB, id: JVNDB-2014-002360

Trust: 0.8

db: CNNVD, id: CNNVD-201405-040

Trust: 0.7

db: VULHUB, id: VHN-69838

Trust: 0.1

sources: VULHUB: VHN-69838 // BID: 67177 // JVNDB: JVNDB-2014-002360 // CNNVD: CNNVD-201405-040 // NVD: CVE-2014-1899

REFERENCES

url:https://support.citrix.com/article/ctx140291

Trust: 2.0

url:http://www.securityfocus.com/bid/67177

Trust: 1.1

url:http://www.securitytracker.com/id/1030186

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1899

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1899

Trust: 0.8

url:http://www.citrix.com

Trust: 0.3

sources: VULHUB: VHN-69838 // BID: 67177 // JVNDB: JVNDB-2014-002360 // CNNVD: CNNVD-201405-040 // NVD: CVE-2014-1899

CREDITS

Benjamin Matt and Thierry Zoller of Verizon

Trust: 0.3

sources: BID: 67177

SOURCES

db: VULHUB, id: VHN-69838
db: BID, id: 67177
db: JVNDB, id: JVNDB-2014-002360
db: CNNVD, id: CNNVD-201405-040
db: NVD, id: CVE-2014-1899

LAST UPDATE DATE

2024-11-23T22:39:01.599000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-69838, date: 2015-08-05T00:00:00
db: BID, id: 67177, date: 2014-04-30T00:00:00
db: JVNDB, id: JVNDB-2014-002360, date: 2014-05-07T00:00:00
db: CNNVD, id: CNNVD-201405-040, date: 2014-05-07T00:00:00
db: NVD, id: CVE-2014-1899, date: 2024-11-21T02:05:14.153

SOURCES RELEASE DATE

db: VULHUB, id: VHN-69838, date: 2014-05-02T00:00:00
db: BID, id: 67177, date: 2014-04-30T00:00:00
db: JVNDB, id: JVNDB-2014-002360, date: 2014-05-07T00:00:00
db: CNNVD, id: CNNVD-201405-040, date: 2014-05-07T00:00:00
db: NVD, id: CVE-2014-1899, date: 2014-05-02T14:55:05.933