Vulnerability Description
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | NetScaler Firmware | 9.0 |
| Citrix | NetScaler Application Delivery Controller | - |
| Citrix | NetScaler Gateway | - |
References
- http://support.citrix.com/article/CTX200378 (Vendor Advisory)
FAQ
What is CVE-2015-3642?
CVE-2015-3642 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1...
How severe is CVE-2015-3642?
CVE-2015-3642 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3642?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix NetScaler Firmware, Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway.