CVE-2016-9028 (CVSS v2 base score 5.8)

Published: 28/10/2016 Updated: 29/07/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 516
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Unauthorized redirect vulnerability in Citrix NetScaler ADC before builds 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal the session cookies of a legitimate AAA user via manipulation of the Host header: the redirect issued in the AAA-TM (authentication, authorization and auditing for traffic management) flow can be pointed at an attacker-chosen host, so the redirected user's session material ends up with the attacker. The CVSS v2 vector reflects this: reachable over the network, medium access complexity (a legitimate user has to be drawn into the manipulated flow), no authentication needed, partial confidentiality and integrity impact, no availability impact.
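The bug class behind this CVE is a redirect whose target is built from the client-supplied Host header. The following is an added illustration written for this page, not NetScaler code and not Citrix's fix: it shows a minimal login-flow stand-in that derives its post-login Location from the Host header, the hardened form that uses a configured canonical hostname instead, and the check a scanner or log-review script would apply to a captured response. The hostnames, the cookie name and the sample HTTP response are constructed; the NetScaler AAA-TM internals are not on this page and are not modelled.

```python
"""
Host-header-driven open redirect, shown beside its fix and a response check.
Added example; NOT NetScaler code. Hostnames/cookie/sample response are made up.
"""
from urllib.parse import urlsplit

# Assumed: the FQDN the AAA virtual server is actually published under.
CANONICAL_HOST = "aaa.example.com"
# Assumed allowlist of hosts an absolute redirect may point at.
TRUSTED_HOSTS = {CANONICAL_HOST}


def vulnerable_redirect(headers: dict, path: str) -> str:
    """Builds the redirect target from whatever Host the client sent.

    The Host header is attacker-influenced input, so a request carrying
    Host: evil.example.net yields a Location on the attacker's server.
    """
    host = headers.get("Host", CANONICAL_HOST)
    return f"https://{host}{path}"


def hardened_redirect(headers: dict, path: str) -> str:
    """Ignores the client-supplied Host and uses the configured hostname.

    The path is kept relative: it must start with a single '/', because a
    leading '//' would be parsed by browsers as a scheme-relative URL and
    reintroduce an attacker-chosen host through the path instead.
    """
    if not path.startswith("/") or path.startswith("//"):
        path = "/"
    return f"https://{CANONICAL_HOST}{path}"


def location_is_trusted(location: str) -> bool:
    """True if a Location header stays on a trusted host.

    Relative redirects ('/dashboard') are always fine. Absolute or
    scheme-relative ones ('https://x/', '//x/') must name a trusted host.
    """
    parts = urlsplit(location)
    if not parts.scheme and not parts.netloc:
        return True
    return parts.hostname in TRUSTED_HOSTS


def parse_location(raw_response: str):
    """Return the Location header value from a raw HTTP response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None


def redirect_is_safe(raw_response: str) -> bool:
    """Check a captured response: no Location, or a Location we trust."""
    location = parse_location(raw_response)
    return location is None or location_is_trusted(location)


def simulate_login(headers: dict, redirect_builder) -> str:
    """Stand-in for a login flow: set a session cookie and redirect.

    Returns a raw HTTP response so it can be fed to redirect_is_safe().
    The cookie name and value are constructed for the example.
    """
    return (
        "HTTP/1.1 302 Found\r\n"
        "Set-Cookie: SESSION=abc123; Secure; HttpOnly\r\n"
        f"Location: {redirect_builder(headers, '/')}\r\n"
        "Content-Length: 0\r\n\r\n"
    )


if __name__ == "__main__":
    # Request with a manipulated Host header, as an attacker would send it.
    crafted = {"Host": "evil.example.net"}
    print(redirect_is_safe(simulate_login(crafted, vulnerable_redirect)))  # False
    print(redirect_is_safe(simulate_login(crafted, hardened_redirect)))    # True
```

Against a live device the equivalent test is to send the login request with a Host header naming a domain you control and run the resulting Location through `redirect_is_safe`; a patched build should never echo that host back.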


Vulnerable Products

- citrix netscaler_application_delivery_controller_firmware (version unspecified)
- citrix netscaler_application_delivery_controller_firmware 10.5
- citrix netscaler_application_delivery_controller_firmware 11.0
- citrix netscaler_application_delivery_controller_firmware 11.1

Vendor Advisories

Description of Problem: An unauthorized redirect vulnerability has been identified in Citrix NetScaler ADC in the AAA-TM flow that could allow a remote attacker to obtain session cookies of a redirected AAA user. This vulnerability does not impact NetScaler Gateway. The following vulnerability has been addressed: CVE-2016-9028: Unauthorized Redirect ...