Vulnerability Description
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Application Delivery Controller Firmware | <= 10.1 |
| Citrix | Netscaler Application Delivery Controller | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93947Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037175
- https://support.citrix.com/article/CTX218361Vendor Advisory
- http://www.securityfocus.com/bid/93947Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037175
- https://support.citrix.com/article/CTX218361Vendor Advisory
FAQ
What is CVE-2016-9028?
CVE-2016-9028 is a vulnerability with a CVSS score of 8.8 (HIGH). Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user v...
How severe is CVE-2016-9028?
CVE-2016-9028 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9028?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Application Delivery Controller Firmware, Citrix Netscaler Application Delivery Controller.