Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7996

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.

Published

2015-11-17T15:59:17.770

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.5	Yes
Operating System	citrix	netscaler_service_delivery_appliance_service_vm	10.5e	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1	Yes
Operating System	citrix	netscaler_gateway_firmware	10.5	Yes

References

http://support.citrix.com/article/CTX202482 Patch, Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1034167 ([email protected])
http://support.citrix.com/article/CTX202482 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034167 (af854a3a-2127-422b-91ae-364da2661108)