ID

VAR-202003-0212


CVE

CVE-2020-10112


TITLE

Citrix Gateway HTTP Request Smuggling Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-002527

DESCRIPTION

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway is NOT cached by default. Citrix Gateway contains a vulnerability related to HTTP request smuggling. Information may be obtained and tampered with. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location.

Trust: 1.71

sources: NVD: CVE-2020-10112 // JVNDB: JVNDB-2020-002527 // VULHUB: VHN-162558

AFFECTED PRODUCTS

vendor: citrix, model: gateway, scope: eq, version: 11.1

Trust: 1.8

vendor: citrix, model: gateway, scope: eq, version: 12.0

Trust: 1.8

vendor: citrix, model: gateway, scope: eq, version: 12.1

Trust: 1.8

sources: JVNDB: JVNDB-2020-002527 // NVD: CVE-2020-10112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10112
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002527
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-252
value: MEDIUM

Trust: 0.6

VULHUB: VHN-162558
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-10112
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002527
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-162558
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-10112
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002527
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-162558 // JVNDB: JVNDB-2020-002527 // CNNVD: CNNVD-202003-252 // NVD: CVE-2020-10112

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.9

sources: VULHUB: VHN-162558 // JVNDB: JVNDB-2020-002527 // NVD: CVE-2020-10112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-252

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-252

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002527

PATCH

title: Support Knowledge Center, url: https://support.citrix.com/search#/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002527

EXTERNAL IDS

db: NVD, id: CVE-2020-10112

Trust: 2.5

db: PACKETSTORM, id: 156660

Trust: 2.5

db: JVNDB, id: JVNDB-2020-002527

Trust: 0.8

db: CNNVD, id: CNNVD-202003-252

Trust: 0.7

db: NSFOCUS, id: 46104

Trust: 0.6

db: CNVD, id: CNVD-2020-16678

Trust: 0.1

db: VULHUB, id: VHN-162558

Trust: 0.1

sources: VULHUB: VHN-162558 // JVNDB: JVNDB-2020-002527 // CNNVD: CNNVD-202003-252 // NVD: CVE-2020-10112

REFERENCES

url:http://packetstormsecurity.com/files/156660/citrix-gateway-11.1-12.0-12.1-cache-poisoning.html

Trust: 2.5

url:http://seclists.org/fulldisclosure/2020/mar/8

Trust: 1.7

url:https://support.citrix.com/search

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-10112

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10112

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46104

Trust: 0.6

sources: VULHUB: VHN-162558 // JVNDB: JVNDB-2020-002527 // CNNVD: CNNVD-202003-252 // NVD: CVE-2020-10112

CREDITS

Micha Borrmann

Trust: 0.6

sources: CNNVD: CNNVD-202003-252

SOURCES

db: VULHUB, id: VHN-162558
db: JVNDB, id: JVNDB-2020-002527
db: CNNVD, id: CNNVD-202003-252
db: NVD, id: CVE-2020-10112

LAST UPDATE DATE

2024-11-23T22:55:16.835000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-162558, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2020-002527, date: 2020-03-18T00:00:00
db: CNNVD, id: CNNVD-202003-252, date: 2020-03-19T00:00:00
db: NVD, id: CVE-2020-10112, date: 2024-11-21T04:54:50.527

SOURCES RELEASE DATE

db: VULHUB, id: VHN-162558, date: 2020-03-06T00:00:00
db: JVNDB, id: JVNDB-2020-002527, date: 2020-03-18T00:00:00
db: CNNVD, id: CNNVD-202003-252, date: 2020-03-06T00:00:00
db: NVD, id: CVE-2020-10112, date: 2020-03-06T21:15:15.280