
CVE-2019-6485

Published: 22/02/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote malicious users to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.

Vulnerable Product

citrix netscaler_gateway_firmware 11.1

citrix netscaler_gateway_firmware 12.0

citrix netscaler_gateway_firmware 11.0

citrix netscaler_gateway_firmware 10.5

citrix netscaler_gateway_firmware 12.1

citrix netscaler_application_delivery_controller_firmware 11.1

citrix netscaler_application_delivery_controller_firmware 12.0

citrix netscaler_application_delivery_controller_firmware 11.0

citrix netscaler_application_delivery_controller_firmware 10.5

citrix netscaler_application_delivery_controller_firmware 12.1

Vendor Advisories

Description of Problem: A vulnerability has been identified in the Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and NetScaler Gateway platforms using hardware acceleration that could allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability does not directly allow an attacker to obtain the ...

Github Repositories

New TLS Padding Oracles

TLS Padding Oracles: The TLS protocol provides encryption, data integrity, and authentication on the modern Internet. Despite the protocol’s importance, currently-deployed TLS versions use obsolete cryptographic algorithms which have been broken using various attacks. One prominent class of such attacks is CBC padding oracle attacks. These attacks allow an adversary to dec
