CVE-2020-10111 — HIGH (7.5)

Vulnerability Description

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Citrix	Gateway Firmware	11.1

Related Weaknesses (CWE)

CWE-444

References

http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-
http://seclists.org/fulldisclosure/2020/Mar/11ExploitMailing ListThird Party Advisory
https://support.citrix.com/searchVendor Advisory
http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-
http://seclists.org/fulldisclosure/2020/Mar/11ExploitMailing ListThird Party Advisory
https://support.citrix.com/searchVendor Advisory

FAQ

What is CVE-2020-10111?

CVE-2020-10111 is a vulnerability with a CVSS score of 7.5 (HIGH). Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic fo...

How severe is CVE-2020-10111?

CVE-2020-10111 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-10111?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Gateway Firmware.