CVSSv3: 8.8

CVE-2016-9028

Published: 28/10/2016 Updated: 29/07/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 516
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal the session cookies of a legitimate AAA user via manipulation of the Host header.

Vulnerable Products

citrix netscaler application delivery controller firmware

citrix netscaler application delivery controller firmware 10.5

citrix netscaler application delivery controller firmware 11.0

citrix netscaler application delivery controller firmware 11.1

Vendor Advisories

Description of Problem: An unauthorized redirect vulnerability has been identified in Citrix NetScaler ADC in the AAA-TM flow that could allow a remote attacker to obtain session cookies of a redirected AAA user. This vulnerability does not impact NetScaler Gateway. The following vulnerability has been addressed: CVE-2016-9028: Unauthorized Redirect ...