CVE-2015-3642 (GCVE-0-2015-3642)
Vulnerability from cvelistv5 – Published: 2017-08-02 19:00 – Updated: 2024-08-06 05:47
Summary
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Severity ?
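No CVSS data available in the CVE record itself. The NVD data embedded in the record below scores it CVSS v3.0 5.9 (MEDIUM, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) and CVSS v2 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N).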
CWE
- n/a (the CNA record gives no problem type; the NVD data embedded below lists CWE-200)
Assigner
mitre
References
| URL | Tags |
|---|---|
| http://support.citrix.com/article/CTX200378 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:58.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX200378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX200378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX200378",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX200378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3642",
"datePublished": "2017-08-02T19:00:00",
"dateReserved": "2015-05-04T00:00:00",
"dateUpdated": "2024-08-06T05:47:58.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77E759CD-4DF3-4B30-ADFD-9E63F753DFC1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CC7D1B6-5C2D-4407-A55C-78FE6B899B46\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2391E6E2-5E57-4E35-8F2C-89813F999F1F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61D94767-47A9-4516-BB4F-7800301214EB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99708F67-F4F1-4651-88FB-97869B9704C0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0F108EA-A307-46FE-A093-5EF78182BC2A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"208B0DD8-6635-4201-B565-FDA647F9F2E3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77E759CD-4DF3-4B30-ADFD-9E63F753DFC1\"}, {\"vulnerable\": false, \"criteria\": 
\"cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CC7D1B6-5C2D-4407-A55C-78FE6B899B46\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2391E6E2-5E57-4E35-8F2C-89813F999F1F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61D94767-47A9-4516-BB4F-7800301214EB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99708F67-F4F1-4651-88FB-97869B9704C0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0F108EA-A307-46FE-A093-5EF78182BC2A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"208B0DD8-6635-4201-B565-FDA647F9F2E3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEBB9B6A-1CAD-4D82-9B1E-939921986053\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).\"}, {\"lang\": \"es\", \"value\": \"Las funcionalidades de procesamiento TLS y DTLS en dispositivos Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway con versiones de firmware 9.x anteriores a 9.3 Build 68.5, 10.0 en su versi\\u00f3n Build 78.6, 10.1 anterior a Build 130.13, 10.1.e anterior a Build 130.1302.e, 10.5 anterior a Build 55.8, y 10.5.e anterior a Build 55.8007.e hacen que sea m\\u00e1s f\\u00e1cil que atacantes que realizan Man-in-the-middle obtengan datos en texto plano mediante un ataque padding-oracle, variante de CVE-2014-3566, tambi\\u00e9n conocido como POODLE.\"}]",
"id": "CVE-2015-3642",
"lastModified": "2024-11-21T02:29:33.240",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-08-02T19:29:00.477",
"references": "[{\"url\": \"http://support.citrix.com/article/CTX200378\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.citrix.com/article/CTX200378\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-3642\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-02T19:29:00.477\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).\"},{\"lang\":\"es\",\"value\":\"Las funcionalidades de procesamiento TLS y DTLS en dispositivos Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway con versiones de firmware 9.x anteriores a 9.3 Build 68.5, 10.0 en su versi\u00f3n Build 78.6, 10.1 anterior a Build 130.13, 10.1.e anterior a Build 130.1302.e, 10.5 anterior a Build 55.8, y 10.5.e anterior a Build 55.8007.e hacen que sea m\u00e1s f\u00e1cil que atacantes que realizan Man-in-the-middle obtengan datos en texto plano mediante un ataque padding-oracle, variante de CVE-2014-3566, tambi\u00e9n conocido como 
POODLE.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E759CD-4DF3-4B30-ADFD-9E63F753DFC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CC7D1B6-5C2D-4407-A55C-78FE6B899B46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2391E6E2-5E57-4E35-8F2C-89813F999F1F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61D94767-47A9-4516-BB4F-7800301214EB\"},{\"vulnerable\":false,\"criteria\":
\"cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99708F67-F4F1-4651-88FB-97869B9704C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0F108EA-A307-46FE-A093-5EF78182BC2A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"208B0DD8-6635-4201-B565-FDA647F9F2E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E759CD-4DF3-4B30-ADFD-9E63F753DFC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CC7D1B6-5C2D-4407-A55C-78FE6B899B46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2391E6E2-5E57-4E35-8F2C-89813F999F1F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61D94767-47A9-4516-BB4F-7800301214EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99708F67-F4F1-4651-88FB-97869B9704C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0F108EA-A307-46FE-A093-5EF78182BC2A\"},{
\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"208B0DD8-6635-4201-B565-FDA647F9F2E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEBB9B6A-1CAD-4D82-9B1E-939921986053\"}]}]}],\"references\":[{\"url\":\"http://support.citrix.com/article/CTX200378\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.citrix.com/article/CTX200378\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.