CVE-2017-17549
https://notcve.org/view.php?id=CVE-2017-17549
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.5 anteriores a la build 67.13, 11.0 anteriores a la build 71.22, 11.1 anteriores a la build 56.19 y 12.0 anteriores a la build 53.22 permiten que atacantes remotos obtengan información sensible de la negociación TLS del cliente del backend aprovechando el uso de TLS con certificados del cliente y un intercambio de claves Diffie-Hellman Ephemeral (DHE). • http://www.securityfocus.com/bid/102177 http://www.securitytracker.com/id/1040011 https://support.citrix.com/article/ctx230612 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-14602
https://notcve.org/view.php?id=CVE-2017-14602
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. Se ha identificado una vulnerabilidad en la interfaz de gestión de Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.1 anterior a la build 135.18, 10.5 anterior a la build 66.9, 10.5e anterior a la build 60.7010.e, 11.0 anterior a la build 70.16, 11.1 anterior a la build 55.13 y 12.0 anterior a la build 53.13 (excepto la build 41.24) que, si se explota, podría permitir que un atacante con acceso a la interfaz de gestión de NetScaler obtenga acceso administrativo a la aplicación. • http://www.securityfocus.com/bid/100980 https://support.citrix.com/article/CTX227928 https://support.citrix.com/article/CTX228091 • CWE-287: Improper Authentication •
CVE-2017-5933
https://notcve.org/view.php?id=CVE-2017-5933
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. Citrix NetScaler ADC y NetScaler Gateway 10.5 en versiones anteriores a Build 65.11, 11.0 en versiones anteriores a Build 69.12/69.123 y 11.1 en versiones anteriores a Build 51.21 genera aleatoriamente GCM nonces, lo que hace marginalmente más fácil a atacantes remotos obtener la clave de autenticación de GCM y falsificar datos aprovechando aprovechando una nonce reutilizada en una sesión y un "ataque prohibido", un problema similar a CVE-2016-0270. • http://www.securityfocus.com/bid/96151 https://github.com/nonce-disrespect/nonce-disrespect https://support.citrix.com/article/CTX220329 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9028
https://notcve.org/view.php?id=CVE-2016-9028
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. Vulnerabilidad de redirección no autorizada en Citrix NetScaler ADC en versiones anteriores a 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F y 11.1 47.14 permite a un atacante remoto robar las cookies de sesión de un usuario legítimo AAA a través de manipulación del cabecero del Host. • http://www.securityfocus.com/bid/93947 http://www.securitytracker.com/id/1037175 https://support.citrix.com/article/CTX218361 • CWE-254: 7PK - Security Features •
CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. GNU Bash hasta 4.3 bash43-025 procesa cadenas finales después de la definición malformada de funciones en los valores de variables de entorno, lo que permite a atacantes remotos escribir hacia ficheros o posiblemente tener otro impacto desconocido a través de un entorno manipulado, tal y como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en la cual establecer el entorno ocurre a través de un límite privilegiado de la ejecución de Bash. Nota: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-6271. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. • https://www.exploit-db.com/exploits/34777 https://www.exploit-db.com/exploits/34895 https://www.exploit-db.com/exploits/34839 https://www.exploit-db.com/exploits/36503 https://www.exploit-db.com/exploits/36504 https://www.exploit-db.com/exploits/34766 https://www.exploit-db.com/exploits/35115 https://www.exploit-db.com/exploits/36933 https://www.exploit-db.com/exploits/34765 https://www.exploit-db.com/exploits/34860 https://www.exploit-db.com/exploits/34879 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •