CVE-2015-3642
Last modified
CVE-2015-3642 is a vulnerability of currently unknown severity. The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Application Delivery Controller | All versions |
| Citrix | Netscaler Gateway | All versions |
References
- http://support.citrix.com/article/CTX200378 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
