Details of VAR-201509-0322

ID

VAR-201509-0322

CVE

CVE-2015-6672

TITLE

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Management Web Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-004891

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NetScaler ADC is a service and application delivery solution (application delivery controller); NetScaler Gateway is a secure remote access solution. The following products and versions are affected: Citrix Systems NetScaler ADC and NetScaler Gateway 10.1 prior to Build 132.8, 10.5 prior to Build 57.7, and 10.5e prior to Build 56.1505.e

Trust: 1.8

sources: NVD: CVE-2015-6672 // JVNDB: JVNDB-2015-004891 // VULHUB: VHN-84633 // VULMON: CVE-2015-6672

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1	Trust: 1.6
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5e	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5e	Trust: 1.6
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5	Trust: 1.6
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1	Trust: 1.6
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	10.5e	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	10.5	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5 build 57.7	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5 build 57.7	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5e build 56.1505.e	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	10.5e	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5e build 56.1505.e	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	10.5	Trust: 0.8

sources: JVNDB: JVNDB-2015-004891 // CNNVD: CNNVD-201509-224 // NVD: CVE-2015-6672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6672
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6672
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201509-224
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84633
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-6672
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6672
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-84633
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84633 // VULMON: CVE-2015-6672 // JVNDB: JVNDB-2015-004891 // CNNVD: CNNVD-201509-224 // NVD: CVE-2015-6672

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-84633 // JVNDB: JVNDB-2015-004891 // NVD: CVE-2015-6672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-224

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201509-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004891

PATCH

title:	CTX201334	url:	http://support.citrix.com/article/CTX201334	Trust: 0.8
title:	Citrix Security Bulletins: Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=cb922395c3802bcb12cf5bf0bb4f8f49	Trust: 0.1

sources: VULMON: CVE-2015-6672 // JVNDB: JVNDB-2015-004891

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6672	Trust: 2.6
db:	SECTRACK	id:	1033618	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-004891	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-224	Trust: 0.7
db:	VULHUB	id:	VHN-84633	Trust: 0.1
db:	VULMON	id:	CVE-2015-6672	Trust: 0.1

sources: VULHUB: VHN-84633 // VULMON: CVE-2015-6672 // JVNDB: JVNDB-2015-004891 // CNNVD: CNNVD-201509-224 // NVD: CVE-2015-6672

REFERENCES

url:	http://support.citrix.com/article/ctx201334	Trust: 1.9
url:	http://www.securitytracker.com/id/1033618	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6672	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6672	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-84633 // VULMON: CVE-2015-6672 // JVNDB: JVNDB-2015-004891 // CNNVD: CNNVD-201509-224 // NVD: CVE-2015-6672

SOURCES

db:	VULHUB	id:	VHN-84633
db:	VULMON	id:	CVE-2015-6672
db:	JVNDB	id:	JVNDB-2015-004891
db:	CNNVD	id:	CNNVD-201509-224
db:	NVD	id:	CVE-2015-6672

LAST UPDATE DATE

2024-11-23T22:42:27.465000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84633	date:	2016-12-22T00:00:00
db:	VULMON	id:	CVE-2015-6672	date:	2016-12-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-004891	date:	2015-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201509-224	date:	2015-09-18T00:00:00
db:	NVD	id:	CVE-2015-6672	date:	2024-11-21T02:35:24.520

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84633	date:	2015-09-17T00:00:00
db:	VULMON	id:	CVE-2015-6672	date:	2015-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2015-004891	date:	2015-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201509-224	date:	2015-09-18T00:00:00
db:	NVD	id:	CVE-2015-6672	date:	2015-09-17T16:59:04.010