ID

VAR-201602-0346


CVE

CVE-2016-2072


TITLE

Clickjacking vulnerability in the Administrative Web Interface of Citrix NetScaler Application Delivery Controller and NetScaler Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2016-001703

DESCRIPTION

The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features. http://cwe.mitre.org/data/definitions/254.html A clickjacking attack may be performed by a third party. A remote attacker can exploit this vulnerability to conduct clickjacking attacks.

Trust: 1.8

sources: NVD: CVE-2016-2072 // JVNDB: JVNDB-2016-001703 // VULHUB: VHN-90891 // VULMON: CVE-2016-2072

AFFECTED PRODUCTS

vendor: citrix, model: netscaler, scope: eq, version: 11.0

Trust: 1.0

vendor: citrix, model: netscaler, scope: eq, version: 10.5e

Trust: 1.0

vendor: citrix, model: netscaler, scope: eq, version: 10.1

Trust: 1.0

vendor: citrix, model: netscaler, scope: eq, version: 10.5

Trust: 1.0

vendor: citrix, model: netscaler gateway, scope: lt, version: 10.5

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 11.x

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 10.5.e build 59.1305.e

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 11.0 build 64.34

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: lt, version: 11.x

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 10.1

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: -, version: -

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: eq, version: 10.5 build 59.13

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: lt, version: 10.5.e

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.5.e build 59.1305.e

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 10.5.e

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 11.0 build 64.34

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.1

Trust: 0.8

vendor: citrix, model: netscaler gateway, scope: -, version: -

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.5 build 59.13

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 10.5

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: -

Trust: 0.6

vendor: citrix, model: netscaler gateway, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-001703 // CNNVD: CNNVD-201602-321 // NVD: CVE-2016-2072

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2072
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-2072
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-321
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90891
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-2072
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-2072
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90891
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2072
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90891 // VULMON: CVE-2016-2072 // JVNDB: JVNDB-2016-001703 // CNNVD: CNNVD-201602-321 // NVD: CVE-2016-2072

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-90891 // JVNDB: JVNDB-2016-001703 // NVD: CVE-2016-2072

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-321

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201602-321

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001703

PATCH

title: CTX206001, url: http://support.citrix.com/article/CTX206001

Trust: 0.8

title: Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60257

Trust: 0.6

title: Citrix Security Bulletins: Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates, url: https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=35f27983a466a44995cc8bdefe90f69a

Trust: 0.1

sources: VULMON: CVE-2016-2072 // JVNDB: JVNDB-2016-001703 // CNNVD: CNNVD-201602-321

EXTERNAL IDS

db: NVD, id: CVE-2016-2072

Trust: 2.6

db: SECTRACK, id: 1035098

Trust: 1.2

db: JVNDB, id: JVNDB-2016-001703

Trust: 0.8

db: CNNVD, id: CNNVD-201602-321

Trust: 0.7

db: VULHUB, id: VHN-90891

Trust: 0.1

db: BID, id: 83183

Trust: 0.1

db: VULMON, id: CVE-2016-2072

Trust: 0.1

sources: VULHUB: VHN-90891 // VULMON: CVE-2016-2072 // JVNDB: JVNDB-2016-001703 // CNNVD: CNNVD-201602-321 // NVD: CVE-2016-2072

REFERENCES

url:http://support.citrix.com/article/ctx206001

Trust: 1.9

url:http://www.securitytracker.com/id/1035098

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2072

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2072

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/254.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/83183

Trust: 0.1

sources: VULHUB: VHN-90891 // VULMON: CVE-2016-2072 // JVNDB: JVNDB-2016-001703 // CNNVD: CNNVD-201602-321 // NVD: CVE-2016-2072

SOURCES

db: VULHUB, id: VHN-90891
db: VULMON, id: CVE-2016-2072
db: JVNDB, id: JVNDB-2016-001703
db: CNNVD, id: CNNVD-201602-321
db: NVD, id: CVE-2016-2072

LAST UPDATE DATE

2024-11-23T22:01:34.071000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90891, date: 2016-12-03T00:00:00
db: VULMON, id: CVE-2016-2072, date: 2016-12-03T00:00:00
db: JVNDB, id: JVNDB-2016-001703, date: 2016-03-15T00:00:00
db: CNNVD, id: CNNVD-201602-321, date: 2016-02-18T00:00:00
db: NVD, id: CVE-2016-2072, date: 2024-11-21T02:47:45.027

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90891, date: 2016-02-17T00:00:00
db: VULMON, id: CVE-2016-2072, date: 2016-02-17T00:00:00
db: JVNDB, id: JVNDB-2016-001703, date: 2016-03-15T00:00:00
db: CNNVD, id: CNNVD-201602-321, date: 2016-02-18T00:00:00
db: NVD, id: CVE-2016-2072, date: 2016-02-17T15:59:05.750