VAR-201507-0089
Vulnerability from variot - Updated: 2023-12-18 13:09The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. Citrix Access Gateway is a universal SSL VPN device. An attacker may leverage this issue to execute arbitrary shell commands in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The following products and versions are affected: Citrix Systems NetScaler ADC and NetScaler Gateway 10.1 prior to 10.1.132.8, 10.5 prior to Build 56.15, and 10.5.e prior to Build 56.1505.e
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.9,
"vendor": "citrix",
"version": "10.5"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.128"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.125"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.126"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.126"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.127"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.128"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.127"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.124"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1.129"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "citrix",
"version": "10.5.51.10"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "citrix",
"version": "10.5.50.10"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "citrix",
"version": "10.5"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.3,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.123"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.122"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.124"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.125"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.120.1316.e"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.123"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.122"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.129"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.121"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.5e"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.120.1316.e"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.5e"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "10.1.121"
},
{
"model": "netscaler application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5.e build 56.1505.e"
},
{
"model": "netscaler gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1.132.8"
},
{
"model": "netscaler gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5 build 56.15"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1.132.8"
},
{
"model": "netscaler application delivery controller",
"scope": null,
"trust": 0.8,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5.e"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5 build 56.15"
},
{
"model": "netscaler application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5.e"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5.e build 56.1505.e"
},
{
"model": "netscaler gateway",
"scope": null,
"trust": 0.8,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5"
},
{
"model": "netscaler adc/netscaler gateway",
"scope": null,
"trust": 0.6,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler adc/netscaler gateway build",
"scope": "lt",
"trust": 0.6,
"vendor": "citrix",
"version": "10.556.15"
},
{
"model": "netscaler adc/netscaler gateway \u003c10.5.e build 56.1505.e",
"scope": null,
"trust": 0.6,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler adc/netscaler gateway",
"scope": "lt",
"trust": 0.6,
"vendor": "citrix",
"version": "10.1.132.8"
},
{
"model": "netscaler gateway 10.5.e build",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "54.9009"
},
{
"model": "netscaler gateway 10.5.e build",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "53-9010"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.5-50.10"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1.128.8"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1.123.9"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1.122.17"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1-129.11"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1-128.8003"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1-126.12"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1-120.1316"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.5.51.10"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.5.50.10"
},
{
"model": "netscaler application delivery controller build",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.555.8"
},
{
"model": "netscaler application delivery controller build",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.553.9"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1.128.8"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1.122.17"
},
{
"model": "netscaler gateway 10.5.e build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "56.1505"
},
{
"model": "netscaler gateway build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "10.556.15"
},
{
"model": "netscaler gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1.132.8"
},
{
"model": "netscaler application delivery controller 10.5.e build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "56.1505"
},
{
"model": "netscaler application delivery controller build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "10.556.15"
},
{
"model": "netscaler application delivery controller",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1.132.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"db": "BID",
"id": "75505"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"db": "NVD",
"id": "CVE-2015-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.123:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.124:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.120.1316.e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.120.1316.e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.127:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.124:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5.50.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5.51.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.121:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.129:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.121:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.122:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.129:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.126:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.127:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.126:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.122:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.123:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5080"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Jensen of Security Assessment",
"sources": [
{
"db": "BID",
"id": "75505"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
],
"trust": 0.9
},
"cve": "CVE-2015-5080",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-5080",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04434",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04578",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-83041",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5080",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04434",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04578",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-228",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-83041",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"db": "VULHUB",
"id": "VHN-83041"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"db": "NVD",
"id": "CVE-2015-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. Citrix Access Gateway is a universal SSL VPN device. \nAn attacker may leverage this issue to execute arbitrary shell commands in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The following products and versions are affected: Citrix Systems NetScaler ADC and NetScaler Gateway 10.1 prior to 10.1.132.8, 10.5 prior to Build 56.15, and 10.5.e prior to Build 56.1505.e",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5080"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"db": "BID",
"id": "75505"
},
{
"db": "VULHUB",
"id": "VHN-83041"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5080",
"trust": 4.0
},
{
"db": "BID",
"id": "75505",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1032762",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-228",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04434",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-04578",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-83041",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"db": "VULHUB",
"id": "VHN-83041"
},
{
"db": "BID",
"id": "75505"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"db": "NVD",
"id": "CVE-2015-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
]
},
"id": "VAR-201507-0089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"db": "VULHUB",
"id": "VHN-83041"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
}
]
},
"last_update_date": "2023-12-18T13:09:10.619000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CTX201149",
"trust": 0.8,
"url": "http://support.citrix.com/article/ctx201149"
},
{
"title": "Patch for Citrix NetScaler ADC and NetScaler Gateway Remote Arbitrary Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60712"
},
{
"title": "Patch for Citrix NetScaler ADC and NetScaler Gateway Remote Arbitrary Shell Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60934"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83041"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"db": "NVD",
"id": "CVE-2015-5080"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://support.citrix.com/article/ctx201149"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/75505"
},
{
"trust": 1.7,
"url": "http://security-assessment.com/files/documents/advisory/citrix-netscaler-final.pdf"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032762"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5080"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5080"
},
{
"trust": 0.3,
"url": "https://www.citrix.com/products/netscaler-application-delivery-controller/overview.html"
},
{
"trust": 0.3,
"url": "https://www.citrix.com/products/netscaler-gateway/overview.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"db": "VULHUB",
"id": "VHN-83041"
},
{
"db": "BID",
"id": "75505"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"db": "NVD",
"id": "CVE-2015-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"db": "VULHUB",
"id": "VHN-83041"
},
{
"db": "BID",
"id": "75505"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"db": "NVD",
"id": "CVE-2015-5080"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"date": "2015-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"date": "2015-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-83041"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75505"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"date": "2015-07-16T14:59:05.933000",
"db": "NVD",
"id": "CVE-2015-5080"
},
{
"date": "2015-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04434"
},
{
"date": "2015-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04578"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-83041"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75505"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003889"
},
{
"date": "2016-12-07T18:15:48.157000",
"db": "NVD",
"id": "CVE-2015-5080"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-228"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix NetScaler Application Delivery Controller and NetScaler Gateway of Management Interface In any shell Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003889"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "75505"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…