CVE-2014-4347 - Vulnerability Details - OpenCVE

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Netscaler Access Gateway Netscaler Access Gateway Firmware Netscaler Application Delivery Controller Netscaler Application Delivery Controller Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:::::::*
	cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.1:::::::*

cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:9.3:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:::::::*

cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2014/Jul/77
http://secunia.com/advisories/59942
http://support.citrix.com/article/CTX140863
http://www.securityfocus.com/archive/1/532802/100/0/threaded
http://www.securityfocus.com/bid/68537
http://www.securitytracker.com/id/1030572
http://www.securitytracker.com/id/1030573
https://exchange.xforce.ibmcloud.com/vulnerabilities/94494
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-07-16T14:00:00

Updated: 2024-08-06T11:12:35.138Z

Reserved: 2014-06-20T00:00:00

Link: CVE-2014-4347

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-07-16T14:19:04.043

Modified: 2024-11-21T02:10:00.907

Link: CVE-2014-4347

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"}, {"name": "citrix-netscaler-cve20144347-info-disc(94494)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"}, {"name": "1030573", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030573"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX140863"}, {"name": "68537", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68537"}, {"name": "59942", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59942"}, {"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Jul/77"}, {"name": "1030572", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030572"}, {"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4347", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"}, {"name": "citrix-netscaler-cve20144347-info-disc(94494)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"}, {"name": "1030573", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030573"}, {"name": "http://support.citrix.com/article/CTX140863", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX140863"}, {"name": "68537", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68537"}, {"name": "59942", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59942"}, {"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Jul/77"}, {"name": "1030572", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030572"}, {"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:12:35.138Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"}, {"name": "citrix-netscaler-cve20144347-info-disc(94494)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"}, {"name": "1030573", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030573"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX140863"}, {"name": "68537", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68537"}, {"name": "59942", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59942"}, {"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Jul/77"}, {"name": "1030572", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030572"}, {"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4347", "datePublished": "2014-07-16T14:00:00", "dateReserved": "2014-06-20T00:00:00", "dateUpdated": "2024-08-06T11:12:35.138Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "45706C36-AB39-46A8-9E60-CB4D41ABD3E5", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BA6FD03-E65E-49FE-ABA2-C4BCFEE7AA50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*", "matchCriteriaId": "4D5D5DFC-F456-4085-BE20-13BD38301B04", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "BA8972FF-1D8D-4641-B921-D4AB58994238", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD151FA3-8B96-48AF-B908-C29EAE88EF5B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie."}, {"lang": "es", "value": "Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway (anteriormente Access Gateway Enterprise Edition) anterior a 9.3-62.4 y 10.x anterior a 10.1-126.12 permite a atacantes obtener informaci\u00f3n sensible a trav\u00e9s de vectores relacionados con una cookie."}], "id": "CVE-2014-4347", "lastModified": "2024-11-21T02:10:00.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-16T14:19:04.043", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2014/Jul/77"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/59942"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.citrix.com/article/CTX140863"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/68537"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030572"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030573"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"}, {"source": "cve@mitre.org", "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2014/Jul/77"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59942"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.citrix.com/article/CTX140863"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68537"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030573"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}