Sign-up

ID

VAR-201511-0030


CVE

CVE-2015-7998


TITLE

Citrix NetScaler Service Delivery Appliance SVM Device NetScaler ADC and NetScaler Gateway Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-005966

DESCRIPTION

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. Citrix NetScaler Service Delivery Appliance is prone to multiple local information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. The following versions are affected: Citrix Systems NetScaler ADC and NetScaler Gateway 10.1 prior to Build 133.9, 10.5 prior to Build 58.11, and 10.5.e prior to Build 56.1505.e

Trust: 1.98

sources: NVD: CVE-2015-7998 // JVNDB: JVNDB-2015-005966 // BID: 77565 // VULHUB: VHN-85959

AFFECTED PRODUCTS

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5

Trust: 1.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1

Trust: 1.6

vendor:citrixmodel:netscaler service delivery appliance service vmscope:eqversion:10.5e

Trust: 1.6

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5

Trust: 1.6

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1

Trust: 1.6

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.5

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5.e build 56.1505.e

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5 build 58.11

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5 build 58.11

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.5.e

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5.e build 56.1505.e

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.5.e

Trust: 0.8

vendor:citrixmodel:netscaler service delivery appliance service vmscope: - version: -

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.5

Trust: 0.8

vendor:citrixmodel:netscaler service delivery appliance 10.5escope: - version: -

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliance buildscope:eqversion:10.557.7

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliance build 54.9009.escope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliancescope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliance 10.1escope: - version: -

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliance buildscope:eqversion:10.1132.8

Trust: 0.3

vendor:citrixmodel:netscaler service delivery appliancescope:eqversion:10.1

Trust: 0.3

sources: BID: 77565 // JVNDB: JVNDB-2015-005966 // CNNVD: CNNVD-201511-279 // NVD: CVE-2015-7998

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7998
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7998
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-279
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85959
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7998
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85959
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85959 // JVNDB: JVNDB-2015-005966 // CNNVD: CNNVD-201511-279 // NVD: CVE-2015-7998

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85959 // JVNDB: JVNDB-2015-005966 // NVD: CVE-2015-7998

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-279

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201511-279

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005966

PATCH
title:CTX202482url:http://support.citrix.com/article/CTX202482
Trust: 0.8
title:Citrix Systems NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58765
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005966 // 
            
            
            
            CNNVD: CNNVD-201511-279

EXTERNAL IDS
db:NVDid:CVE-2015-7998
Trust: 2.8
db:SECTRACKid:1034167
Trust: 1.1
db:JVNDBid:JVNDB-2015-005966
Trust: 0.8
db:CNNVDid:CNNVD-201511-279
Trust: 0.7
db:BIDid:77565
Trust: 0.3
db:VULHUBid:VHN-85959
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85959 // 
            
            
            
            BID: 77565 // 
            
            
            
            JVNDB: JVNDB-2015-005966 // 
            
            
            
            CNNVD: CNNVD-201511-279 // 
            
            
            
            NVD: CVE-2015-7998

REFERENCES
url:http://support.citrix.com/article/ctx202482
Trust: 2.0
url:http://www.securitytracker.com/id/1034167
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7998
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7998
Trust: 0.8
url:http://www.citrix.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-85959 // 
            
            
            
            BID: 77565 // 
            
            
            
            JVNDB: JVNDB-2015-005966 // 
            
            
            
            CNNVD: CNNVD-201511-279 // 
            
            
            
            NVD: CVE-2015-7998

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 77565

SOURCES
db:VULHUBid:VHN-85959
db:BIDid:77565
db:JVNDBid:JVNDB-2015-005966
db:CNNVDid:CNNVD-201511-279
db:NVDid:CVE-2015-7998

LAST UPDATE DATE
2024-11-23T22:07:57.524000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85959date:2016-12-07T00:00:00
db:BIDid:77565date:2015-11-11T00:00:00
db:JVNDBid:JVNDB-2015-005966date:2015-11-19T00:00:00
db:CNNVDid:CNNVD-201511-279date:2015-11-18T00:00:00
db:NVDid:CVE-2015-7998date:2024-11-21T02:37:48.847

SOURCES RELEASE DATE
db:VULHUBid:VHN-85959date:2015-11-17T00:00:00
db:BIDid:77565date:2015-11-11T00:00:00
db:JVNDBid:JVNDB-2015-005966date:2015-11-19T00:00:00
db:CNNVDid:CNNVD-201511-279date:2015-11-18T00:00:00
db:NVDid:CVE-2015-7998date:2015-11-17T15:59:20.693