CVE-2015-3642
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Las funcionalidades de procesamiento TLS y DTLS en dispositivos Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway con versiones de firmware 9.x anteriores a 9.3 Build 68.5, 10.0 en su versión Build 78.6, 10.1 anterior a Build 130.13, 10.1.e anterior a Build 130.1302.e, 10.5 anterior a Build 55.8, y 10.5.e anterior a Build 55.8007.e hacen que sea más fácil que atacantes que realizan Man-in-the-middle obtengan datos en texto plano mediante un ataque padding-oracle, variante de CVE-2014-3566, también conocido como POODLE.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-05-04 CVE Reserved
- 2017-08-02 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.citrix.com/article/CTX200378 | 2017-08-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 9.0 Search vendor "Citrix" for product "Netscaler Firmware" and version "9.0" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 9.1 Search vendor "Citrix" for product "Netscaler Firmware" and version "9.1" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 9.2 Search vendor "Citrix" for product "Netscaler Firmware" and version "9.2" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.0 Search vendor "Citrix" for product "Netscaler Firmware" and version "10.0" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.1 Search vendor "Citrix" for product "Netscaler Firmware" and version "10.1" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.1e Search vendor "Citrix" for product "Netscaler Firmware" and version "10.1e" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.5 Search vendor "Citrix" for product "Netscaler Firmware" and version "10.5" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.5e Search vendor "Citrix" for product "Netscaler Firmware" and version "10.5e" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 9.0 Search vendor "Citrix" for product "Netscaler Firmware" and version "9.0" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 9.1 Search vendor "Citrix" for product "Netscaler Firmware" and version "9.1" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 9.2 Search vendor "Citrix" for product "Netscaler Firmware" and version "9.2" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.0 Search vendor "Citrix" for product "Netscaler Firmware" and version "10.0" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.1 Search vendor "Citrix" for product "Netscaler Firmware" and version "10.1" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.1e Search vendor "Citrix" for product "Netscaler Firmware" and version "10.1e" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.5 Search vendor "Citrix" for product "Netscaler Firmware" and version "10.5" | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | 10.5e Search vendor "Citrix" for product "Netscaler Firmware" and version "10.5e" | - |
Safe
|