cvelistv5 - cve-2015-7998

CVE-2015-7998 (GCVE-0-2015-7998)

Vulnerability from cvelistv5 – Published: 2015-11-17 15:00 – Updated: 2024-08-06 08:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id/1034167	vdb-entryx_refsource_SECTRACK
	http://support.citrix.com/article/CTX202482	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034167",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034167"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX202482"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1034167",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034167"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX202482"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034167",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034167"
            },
            {
              "name": "http://support.citrix.com/article/CTX202482",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX202482"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7998",
    "datePublished": "2015-11-17T15:00:00",
    "dateReserved": "2015-10-28T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40AFE347-13AE-4064-9E71-A9B1959CFABE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A254925E-AD47-4722-AAB2-43A6FEA900AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD151FA3-8B96-48AF-B908-C29EAE88EF5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8C7525B-2A2D-43AF-8DA0-11FF28322337\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"La IU de administraci\\u00f3n en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM), permite a atacantes obtener informaci\\u00f3n sensible a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2015-7998",
      "lastModified": "2024-11-21T02:37:48.847",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-11-17T15:59:20.693",
      "references": "[{\"url\": \"http://support.citrix.com/article/CTX202482\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034167\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.citrix.com/article/CTX202482\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034167\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7998\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-11-17T15:59:20.693\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"La IU de administraci\u00f3n en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM), permite a atacantes obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40AFE347-13AE-4064-9E71-A9B1959CFABE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A254925E-AD47-4722-AAB2-43A6FEA900AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD151FA3-8B96-48AF-B908-C29EAE88EF5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8C7525B-2A2D-43AF-8DA0-11FF28322337\"}]}]}],\"references\":[{\"url\":\"http://support.citrix.com/article/CTX202482\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034167\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.citrix.com/article/CTX202482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2015-AVI-485

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Citrix NetScaler Service Delivery Appliance. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Citrix	NetScaler	Citrix NetScaler SDX Virtual Bundle versions 10.1, 10.1e et antérieures incluant la version 10.1 Build 132.8
	Citrix	NetScaler	Citrix NetScaler SDX Virtual Bundle versions 10.5,10.5e et antérieures incluant les versions 10.5 Build 57.7 et 10.5 Build 54.9009.e

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX202482 du 11 novembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix NetScaler SDX Virtual Bundle versions 10.1, 10.1e et ant\u00e9rieures incluant la version 10.1 Build 132.8",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler SDX Virtual Bundle versions 10.5,10.5e et ant\u00e9rieures incluant les versions 10.5 Build 57.7 et 10.5 Build 54.9009.e",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7996"
    },
    {
      "name": "CVE-2015-7998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7998"
    },
    {
      "name": "CVE-2015-7997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7997"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-485",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCitrix NetScaler Service Delivery Appliance\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix NetScaler Service Delivery Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX202482 du 11 novembre 2015",
      "url": "http://support.citrix.com/article/CTX202482"
    }
  ]
}

CERTFR-2015-AVI-485

Vulnerability from certfr_avis - Published: - Updated:

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Citrix	NetScaler	Citrix NetScaler SDX Virtual Bundle versions 10.1, 10.1e et antérieures incluant la version 10.1 Build 132.8
	Citrix	NetScaler	Citrix NetScaler SDX Virtual Bundle versions 10.5,10.5e et antérieures incluant les versions 10.5 Build 57.7 et 10.5 Build 54.9009.e

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX202482 du 11 novembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix NetScaler SDX Virtual Bundle versions 10.1, 10.1e et ant\u00e9rieures incluant la version 10.1 Build 132.8",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler SDX Virtual Bundle versions 10.5,10.5e et ant\u00e9rieures incluant les versions 10.5 Build 57.7 et 10.5 Build 54.9009.e",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7996"
    },
    {
      "name": "CVE-2015-7998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7998"
    },
    {
      "name": "CVE-2015-7997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7997"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-485",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCitrix NetScaler Service Delivery Appliance\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix NetScaler Service Delivery Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX202482 du 11 novembre 2015",
      "url": "http://support.citrix.com/article/CTX202482"
    }
  ]
}

GHSA-W38X-2QGG-77H7

Vulnerability from github – Published: 2022-05-17 03:25 – Updated: 2022-05-17 03:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-11-17T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.",
  "id": "GHSA-w38x-2qgg-77h7",
  "modified": "2022-05-17T03:25:29Z",
  "published": "2022-05-17T03:25:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7998"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX202482"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034167"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-07704

Vulnerability from cnvd - Published: 2015-11-23

Title

Citrix NetScaler Application Delivery Controller和NetScaler Gateway信息泄露漏洞（CNVD-2015-07704）

Description

Citrix Systems NetScaler Service Delivery Appliance Service VM（SVM）、NetScaler Application Delivery Controller（ADC）和NetScaler Gateway（前称Citrix Access Gateway Enterprise Edition）都是美国思杰系统（Citrix Systems）公司的产品。NetScaler Service Delivery Appliance SVM是一款用于家电服务的虚拟机产品；NetScaler ADC是一套服务和应用交付解决方案（应用交付控制器）；NetScaler Gateway是一套安全的远程接入解决方案。 Citrix Systems NetScaler Service Delivery Appliance SVM设备上的Citrix Systems NetScaler ADC和NetScaler Gateway的administration UI存在安全漏洞。攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Citrix NetScaler Application Delivery Controller和NetScaler Gateway信息泄露漏洞（CNVD-2015-07704）的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://support.citrix.com/article/CTX202482

Reference

http://support.citrix.com/article/CTX202482

Impacted products

Name
['Citrix NetScaler ADC/NetScaler Gateway <10.1 Build 133.9', 'Citrix NetScaler ADC/NetScaler Gateway 10.5(<Build 58.11)', 'Citrix NetScaler Service Delivery Appliance SVM 10.5.e(<Build 56.1505.e)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "77565"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7998"
    }
  },
  "description": "Citrix Systems NetScaler Service Delivery Appliance Service VM\uff08SVM\uff09\u3001NetScaler Application Delivery Controller\uff08ADC\uff09\u548cNetScaler Gateway\uff08\u524d\u79f0Citrix Access Gateway Enterprise Edition\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NetScaler Service Delivery Appliance SVM\u662f\u4e00\u6b3e\u7528\u4e8e\u5bb6\u7535\u670d\u52a1\u7684\u865a\u62df\u673a\u4ea7\u54c1\uff1bNetScaler ADC\u662f\u4e00\u5957\u670d\u52a1\u548c\u5e94\u7528\u4ea4\u4ed8\u89e3\u51b3\u65b9\u6848\uff08\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff09\uff1bNetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCitrix Systems NetScaler Service Delivery Appliance SVM\u8bbe\u5907\u4e0a\u7684Citrix Systems NetScaler ADC\u548cNetScaler Gateway\u7684administration UI\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Citrix",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://support.citrix.com/article/CTX202482",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07704",
  "openTime": "2015-11-23",
  "patchDescription": "Citrix Systems NetScaler Service Delivery Appliance Service VM\uff08SVM\uff09\u3001NetScaler Application Delivery Controller\uff08ADC\uff09\u548cNetScaler Gateway\uff08\u524d\u79f0Citrix Access Gateway Enterprise Edition\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NetScaler Service Delivery Appliance SVM\u662f\u4e00\u6b3e\u7528\u4e8e\u5bb6\u7535\u670d\u52a1\u7684\u865a\u62df\u673a\u4ea7\u54c1\uff1bNetScaler ADC\u662f\u4e00\u5957\u670d\u52a1\u548c\u5e94\u7528\u4ea4\u4ed8\u89e3\u51b3\u65b9\u6848\uff08\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff09\uff1bNetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002 \r\n\r\nCitrix Systems NetScaler Service Delivery Appliance SVM\u8bbe\u5907\u4e0a\u7684Citrix Systems NetScaler ADC\u548cNetScaler Gateway\u7684administration UI\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix NetScaler Application Delivery Controller\u548cNetScaler Gateway\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-07704\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix NetScaler ADC/NetScaler Gateway \u003c10.1 Build 133.9",
      "Citrix NetScaler ADC/NetScaler Gateway  10.5(\u003cBuild 58.11)",
      "Citrix NetScaler Service Delivery Appliance SVM 10.5.e(\u003cBuild 56.1505.e)"
    ]
  },
  "referenceLink": "http://support.citrix.com/article/CTX202482",
  "serverity": "\u4e2d",
  "submitTime": "2015-11-19",
  "title": "Citrix NetScaler Application Delivery Controller\u548cNetScaler Gateway\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-07704\uff09"
}

GSD-2015-7998

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7998

Aliases

CVE-2015-7998

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7998",
    "description": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.",
    "id": "GSD-2015-7998"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7998"
      ],
      "details": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.",
      "id": "GSD-2015-7998",
      "modified": "2023-12-13T01:20:02.048385Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-7998",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1034167",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034167"
          },
          {
            "name": "http://support.citrix.com/article/CTX202482",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX202482"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7998"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.citrix.com/article/CTX202482",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.citrix.com/article/CTX202482"
            },
            {
              "name": "1034167",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034167"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-07T18:25Z",
      "publishedDate": "2015-11-17T15:59Z"
    }
  }
}

VAR-201511-0030

Vulnerability from variot - Updated: 2023-12-18 12:57

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. Citrix NetScaler Service Delivery Appliance is prone to multiple local information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. The following versions are affected: Citrix Systems NetScaler ADC and NetScaler Gateway 10.1 prior to Build 133.9, 10.5 prior to Build 58.11, and 10.5.e prior to Build 56.1505.e

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0030",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler service delivery appliance service vm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5e"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5.e build 56.1505.e"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 58.11"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 58.11"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5.e"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5.e build 56.1505.e"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5.e"
      },
      {
        "model": "netscaler service delivery appliance service vm",
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler service delivery appliance 10.5e",
        "scope": null,
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler service delivery appliance build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.557.7"
      },
      {
        "model": "netscaler service delivery appliance build 54.9009.e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler service delivery appliance 10.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler service delivery appliance build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1132.8"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "77565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7998"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "77565"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7998",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-7998",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-85959",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7998",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-279",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85959",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. Citrix NetScaler Service Delivery Appliance is prone to multiple local information-disclosure vulnerabilities. \nLocal attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. The following versions are affected: Citrix Systems NetScaler ADC and NetScaler Gateway 10.1 prior to Build 133.9, 10.5 prior to Build 58.11, and 10.5.e prior to Build 56.1505.e",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "db": "BID",
        "id": "77565"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85959"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7998",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1034167",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "77565",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-85959",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85959"
      },
      {
        "db": "BID",
        "id": "77565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ]
  },
  "id": "VAR-201511-0030",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85959"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:57:41.080000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX202482",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/ctx202482"
      },
      {
        "title": "Citrix Systems NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58765"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7998"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://support.citrix.com/article/ctx202482"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034167"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7998"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7998"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85959"
      },
      {
        "db": "BID",
        "id": "77565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85959"
      },
      {
        "db": "BID",
        "id": "77565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7998"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85959"
      },
      {
        "date": "2015-11-11T00:00:00",
        "db": "BID",
        "id": "77565"
      },
      {
        "date": "2015-11-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "date": "2015-11-17T15:59:20.693000",
        "db": "NVD",
        "id": "CVE-2015-7998"
      },
      {
        "date": "2015-11-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85959"
      },
      {
        "date": "2015-11-11T00:00:00",
        "db": "BID",
        "id": "77565"
      },
      {
        "date": "2015-11-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      },
      {
        "date": "2016-12-07T18:25:55.497000",
        "db": "NVD",
        "id": "CVE-2015-7998"
      },
      {
        "date": "2015-11-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Service Delivery Appliance SVM Device  NetScaler ADC and  NetScaler Gateway Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005966"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-279"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-7998

Vulnerability from fkie_nvd - Published: 2015-11-17 15:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://support.citrix.com/article/CTX202482	Patch, Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id/1034167
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX202482	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034167

Impacted products

Vendor	Product	Version
citrix	netscaler_service_delivery_appliance_service_vm	10.5e
citrix	netscaler_gateway_firmware	10.1
citrix	netscaler_gateway_firmware	10.5
citrix	netscaler_application_delivery_controller_firmware	10.1
citrix	netscaler_application_delivery_controller_firmware	10.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "40AFE347-13AE-4064-9E71-A9B1959CFABE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A254925E-AD47-4722-AAB2-43A6FEA900AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD151FA3-8B96-48AF-B908-C29EAE88EF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C7525B-2A2D-43AF-8DA0-11FF28322337",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La IU de administraci\u00f3n en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM), permite a atacantes obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-7998",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-17T15:59:20.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX202482"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX202482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034167"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7998 (GCVE-0-2015-7998)

CERTFR-2015-AVI-485

Contournement provisoire

CERTFR-2015-AVI-485

Contournement provisoire

GHSA-W38X-2QGG-77H7

CNVD-2015-07704

GSD-2015-7998

VAR-201511-0030

FKIE_CVE-2015-7998

Tags

Sightings

Nomenclature