Vulnerability Description
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Gateway Firmware | 11.1 |
References
- http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-InformExploitThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2020/Mar/7ExploitMailing ListThird Party Advisory
- https://support.citrix.com/searchVendor Advisory
- http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-InformExploitThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2020/Mar/7ExploitMailing ListThird Party Advisory
- https://support.citrix.com/searchVendor Advisory
FAQ
What is CVE-2020-10110?
CVE-2020-10110 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache heade...
How severe is CVE-2020-10110?
CVE-2020-10110 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10110?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Gateway Firmware.