CVE-2020-10112
Citrix Gateway 11.1 / 12.0 / 12.1 Cache Poisoning
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default
** EN DISPUTA ** Citrix Gateway 11.1, 12.0 y 12.1 permite el envenenamiento de caché. NOTA: Citrix discute esto como no una vulnerabilidad. De manera predeterminada, Citrix ADC solo almacena en caché el contenido estático servido bajo ciertas rutas URL para el uso de Citrix Gateway. No se sirve contenido dinámico en estas rutas, lo que implica que esas páginas en caché no cambiarían en función de los valores de los parámetros. El resto del tráfico de datos que pasa por Citrix Gateway NO se almacena en caché de manera predeterminada.
Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from a cache poisoning vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-05 CVE Reserved
- 2020-03-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/156660/Citrix-Gateway-11.1-12.0-12.1-Cache-Poisoning.html | X_refsource_misc |
URL | Date | SRC |
---|---|---|
http://seclists.org/fulldisclosure/2020/Mar/8 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://support.citrix.com/search | 2024-05-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Citrix Search vendor "Citrix" | Gateway Firmware Search vendor "Citrix" for product "Gateway Firmware" | 11.1 Search vendor "Citrix" for product "Gateway Firmware" and version "11.1" | - |
Affected
| ||||||
Citrix Search vendor "Citrix" | Gateway Firmware Search vendor "Citrix" for product "Gateway Firmware" | 12.0 Search vendor "Citrix" for product "Gateway Firmware" and version "12.0" | - |
Affected
| ||||||
Citrix Search vendor "Citrix" | Gateway Firmware Search vendor "Citrix" for product "Gateway Firmware" | 12.1 Search vendor "Citrix" for product "Gateway Firmware" and version "12.1" | - |
Affected
|