CVE-2015-7996
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
La API Nitro en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM) permite a atacantes obtener credenciales a través de la caché del navegador.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-10-28 CVE Reserved
- 2015-11-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1034167 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.citrix.com/article/CTX202482 | 2016-12-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Firmware Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" | 10.1 Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" and version "10.1" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Firmware Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" | 10.5 Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" and version "10.5" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Netscaler Service Delivery Appliance Service Vm Search vendor "Citrix" for product "Netscaler Service Delivery Appliance Service Vm" | 10.5e Search vendor "Citrix" for product "Netscaler Service Delivery Appliance Service Vm" and version "10.5e" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Netscaler Gateway Firmware Search vendor "Citrix" for product "Netscaler Gateway Firmware" | 10.1 Search vendor "Citrix" for product "Netscaler Gateway Firmware" and version "10.1" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Netscaler Gateway Firmware Search vendor "Citrix" for product "Netscaler Gateway Firmware" | 10.5 Search vendor "Citrix" for product "Netscaler Gateway Firmware" and version "10.5" | - |
Affected
| ||||||