CVE-2016-9028

Severity: Unknown | EPSS: 1.83%


CVE-2016-9028 is a vulnerability of currently unknown severity. An unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal the session cookies of a legitimate AAA user via manipulation of the Host header. EPSS estimates a 1.83% chance of exploitation in the next 30 days.

Description

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal the session cookies of a legitimate AAA user via manipulation of the Host header.

Metrics

EPSS Probability
1.83%

76.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor | Product                                             | Versions
Citrix | Netscaler Application Delivery Controller Firmware | <= 10.1
Citrix | Netscaler Application Delivery Controller Firmware | 10.5
Citrix | Netscaler Application Delivery Controller Firmware | 11.0
Citrix | Netscaler Application Delivery Controller Firmware | 11.1

References

Timeline

Published:
Last Modified:
Status: Modified

Frequently Asked Questions

What is CVE-2016-9028?
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal the session cookies of a legitimate AAA user via manipulation of the Host header.
How severe is CVE-2016-9028?
Severity scoring for CVE-2016-9028 is pending analysis. The EPSS model estimates a 1.83% probability of exploitation in the next 30 days.
How do I fix CVE-2016-9028?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST