ID

VAR-201511-0029


CVE

CVE-2015-7997


TITLE

Cross-site scripting vulnerability in Citrix NetScaler ADC and NetScaler Gateway on NetScaler Service Delivery Appliance SVM devices

Trust: 0.8

sources: JVNDB: JVNDB-2015-005965

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.

The following versions are affected: Citrix Systems NetScaler ADC and NetScaler Gateway 10.1 prior to Build 133.9, 10.5 prior to Build 58.11, and 10.5.e prior to Build 56.1505.e.

Trust: 1.98

sources: NVD: CVE-2015-7997 // JVNDB: JVNDB-2015-005965 // BID: 77562 // VULHUB: VHN-85958

AFFECTED PRODUCTS

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.5

Trust: 1.6

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.1

Trust: 1.6

vendor: citrix, model: netscaler service delivery appliance service vm, scope: eq, version: 10.5e

Trust: 1.6

vendor: citrix, model: netscaler gateway, scope: eq, version: 10.5

Trust: 1.6

vendor: citrix, model: netscaler gateway, scope: eq, version: 10.1

Trust: 1.6

vendor: citrix, model: netscaler gateway, scope: lt, version: 10.5

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.5.e build 56.1505.e

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 10.5 build 58.11

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.5 build 58.11

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 10.5.e

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 10.5.e build 56.1505.e

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: lt, version: 10.5.e

Trust: 0.8

vendor: citrix, model: netscaler service delivery appliance service vm, scope: -, version: -

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 10.5

Trust: 0.8

vendor: citrix, model: netscaler service delivery appliance 10.5e, scope: -, version: -

Trust: 0.3

vendor: citrix, model: netscaler service delivery appliance build, scope: eq, version: 10.557.7

Trust: 0.3

vendor: citrix, model: netscaler service delivery appliance build 54.9009.e, scope: eq, version: 10.5

Trust: 0.3

vendor: citrix, model: netscaler service delivery appliance, scope: eq, version: 10.5

Trust: 0.3

vendor: citrix, model: netscaler service delivery appliance 10.1e, scope: -, version: -

Trust: 0.3

vendor: citrix, model: netscaler service delivery appliance build, scope: eq, version: 10.1132.8

Trust: 0.3

vendor: citrix, model: netscaler service delivery appliance, scope: eq, version: 10.1

Trust: 0.3

sources: BID: 77562 // JVNDB: JVNDB-2015-005965 // CNNVD: CNNVD-201511-278 // NVD: CVE-2015-7997

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-7997
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7997
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-278
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85958
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-7997
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85958
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

sources: VULHUB: VHN-85958 // JVNDB: JVNDB-2015-005965 // CNNVD: CNNVD-201511-278 // NVD: CVE-2015-7997

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-85958 // JVNDB: JVNDB-2015-005965 // NVD: CVE-2015-7997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-278

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201511-278

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005965

PATCH

title: CTX202482, url: http://support.citrix.com/article/CTX202482

Trust: 0.8

title: Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58764

Trust: 0.6

sources: JVNDB: JVNDB-2015-005965 // CNNVD: CNNVD-201511-278

EXTERNAL IDS

db: NVD, id: CVE-2015-7997

Trust: 2.8

db: SECTRACK, id: 1034167

Trust: 1.1

db: JVNDB, id: JVNDB-2015-005965

Trust: 0.8

db: CNNVD, id: CNNVD-201511-278

Trust: 0.7

db: BID, id: 77562

Trust: 0.4

db: VULHUB, id: VHN-85958

Trust: 0.1

sources: VULHUB: VHN-85958 // BID: 77562 // JVNDB: JVNDB-2015-005965 // CNNVD: CNNVD-201511-278 // NVD: CVE-2015-7997

REFERENCES

url:http://support.citrix.com/article/ctx202482

Trust: 2.0

url:http://www.securitytracker.com/id/1034167

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7997

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7997

Trust: 0.8

url:http://www.citrix.com/

Trust: 0.3

sources: VULHUB: VHN-85958 // BID: 77562 // JVNDB: JVNDB-2015-005965 // CNNVD: CNNVD-201511-278 // NVD: CVE-2015-7997

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 77562

SOURCES

db: VULHUB, id: VHN-85958
db: BID, id: 77562
db: JVNDB, id: JVNDB-2015-005965
db: CNNVD, id: CNNVD-201511-278
db: NVD, id: CVE-2015-7997

LAST UPDATE DATE

2024-11-23T22:07:57.494000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-85958, date: 2016-12-07T00:00:00
db: BID, id: 77562, date: 2015-11-11T00:00:00
db: JVNDB, id: JVNDB-2015-005965, date: 2015-11-19T00:00:00
db: CNNVD, id: CNNVD-201511-278, date: 2015-11-18T00:00:00
db: NVD, id: CVE-2015-7997, date: 2024-11-21T02:37:48.710

SOURCES RELEASE DATE

db: VULHUB, id: VHN-85958, date: 2015-11-17T00:00:00
db: BID, id: 77562, date: 2015-11-11T00:00:00
db: JVNDB, id: JVNDB-2015-005965, date: 2015-11-19T00:00:00
db: CNNVD, id: CNNVD-201511-278, date: 2015-11-18T00:00:00
db: NVD, id: CVE-2015-7997, date: 2015-11-17T15:59:19.317