Vulnerability Description
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Application Delivery Controller Firmware | 10.1 |
| Citrix | Netscaler Service Delivery Appliance Service Vm | 10.5e |
| Citrix | Netscaler Gateway Firmware | 10.1 |
Related Weaknesses (CWE)
References
- http://support.citrix.com/article/CTX202482PatchVendor Advisory
- http://www.securitytracker.com/id/1034167
- http://support.citrix.com/article/CTX202482PatchVendor Advisory
- http://www.securitytracker.com/id/1034167
FAQ
What is CVE-2015-7996?
CVE-2015-7996 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service D...
How severe is CVE-2015-7996?
CVE-2015-7996 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7996?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Application Delivery Controller Firmware, Citrix Netscaler Service Delivery Appliance Service Vm, Citrix Netscaler Gateway Firmware.