Sign-up

ID

VAR-201511-0028


CVE

CVE-2015-7996


TITLE

Citrix NetScaler Service Delivery Appliance SVM Device NetScaler ADC and NetScaler Gateway Vulnerabilities in which credentials are obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-005964

DESCRIPTION

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. Citrix NetScaler Service Delivery Appliance is prone to multiple local information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. The following versions are affected: Citrix Systems NetScaler ADC and NetScaler Gateway 10.1 prior to Build 133.9, 10.5 prior to Build 58.11, and 10.5.e prior to Build 56.1505.e

Trust: 1.98

sources: NVD: CVE-2015-7996 // JVNDB: JVNDB-2015-005964 // BID: 77565 // VULHUB: VHN-85957

AFFECTED PRODUCTS

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5

Trust: 1.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1

Trust: 1.6

vendor:citrixmodel:netscaler service delivery appliance service vmscope:eqversion:10.5e

Trust: 1.6

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5

Trust: 1.6

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1

Trust: 1.6

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.5

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5.e build 56.1505.e

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5 build 58.11

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5 build 58.11

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.5.e

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5.e build 56.1505.e

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.5.e

Trust: 0.8

vendor:citrixmodel:netscaler service delivery appliance service vmscope: - version: -

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.5

Trust: 0.8

vendor:citrixmodel:netscaler service delivery appliance 10.5escope: - version: -

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliance buildscope:eqversion:10.557.7

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliance build 54.9009.escope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliancescope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliance 10.1escope: - version: -

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliance buildscope:eqversion:10.1132.8

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliancescope:eqversion:10.1

Trust: 0.3

sources: BID: 77565 // JVNDB: JVNDB-2015-005964 // CNNVD: CNNVD-201511-277 // NVD: CVE-2015-7996

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7996
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7996
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-277
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85957
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7996
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85957
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85957 // JVNDB: JVNDB-2015-005964 // CNNVD: CNNVD-201511-277 // NVD: CVE-2015-7996

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85957 // JVNDB: JVNDB-2015-005964 // NVD: CVE-2015-7996

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-277

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201511-277

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005964

PATCH
title:CTX202482url:http://support.citrix.com/article/CTX202482
Trust: 0.8
title:Citrix Systems NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58763
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005964 // 
            
            
            
            CNNVD: CNNVD-201511-277

EXTERNAL IDS
db:NVDid:CVE-2015-7996
Trust: 2.8
db:SECTRACKid:1034167
Trust: 1.1
db:JVNDBid:JVNDB-2015-005964
Trust: 0.8
db:CNNVDid:CNNVD-201511-277
Trust: 0.7
db:BIDid:77565
Trust: 0.3
db:VULHUBid:VHN-85957
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85957 // 
            
            
            
            BID: 77565 // 
            
            
            
            JVNDB: JVNDB-2015-005964 // 
            
            
            
            CNNVD: CNNVD-201511-277 // 
            
            
            
            NVD: CVE-2015-7996

REFERENCES
url:http://support.citrix.com/article/ctx202482
Trust: 2.0
url:http://www.securitytracker.com/id/1034167
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7996
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7996
Trust: 0.8
url:http://www.citrix.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-85957 // 
            
            
            
            BID: 77565 // 
            
            
            
            JVNDB: JVNDB-2015-005964 // 
            
            
            
            CNNVD: CNNVD-201511-277 // 
            
            
            
            NVD: CVE-2015-7996

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 77565

SOURCES
db:VULHUBid:VHN-85957
db:BIDid:77565
db:JVNDBid:JVNDB-2015-005964
db:CNNVDid:CNNVD-201511-277
db:NVDid:CVE-2015-7996

LAST UPDATE DATE
2024-11-23T22:07:57.464000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85957date:2016-12-07T00:00:00
db:BIDid:77565date:2015-11-11T00:00:00
db:JVNDBid:JVNDB-2015-005964date:2015-11-19T00:00:00
db:CNNVDid:CNNVD-201511-277date:2015-11-18T00:00:00
db:NVDid:CVE-2015-7996date:2024-11-21T02:37:48.560

SOURCES RELEASE DATE
db:VULHUBid:VHN-85957date:2015-11-17T00:00:00
db:BIDid:77565date:2015-11-11T00:00:00
db:JVNDBid:JVNDB-2015-005964date:2015-11-19T00:00:00
db:CNNVDid:CNNVD-201511-277date:2015-11-18T00:00:00
db:NVDid:CVE-2015-7996date:2015-11-17T15:59:17.770