Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106783 | Third Party Advisory VDB Entry |
https://github.com/RUB-NDS/TLS-Padding-Oracles | Product Third Party Advisory |
https://support.citrix.com/article/CTX240139 | Mitigation Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
No history.
Information
Published : 2019-02-22 23:29
Updated : 2024-02-04 20:03
NVD link : CVE-2019-6485
Mitre link : CVE-2019-6485
CVE.ORG link : CVE-2019-6485
JSON object : View
Products Affected
citrix
- netscaler_application_delivery_controller
- netscaler_application_delivery_controller_firmware
- netscaler_gateway
- netscaler_gateway_firmware
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm