SecurityTracker.com
Category:   Device (Encryption/VPN)  >   Citrix NetScaler
Vendors:   Citrix
Citrix NetScaler ADC and Gateway Packet Engine TLS Handshake Flaw Lets Remote Users Obtain Cleartext in Certain Cases
SecurityTracker Alert ID:  1040011
SecurityTracker URL:  http://securitytracker.com/id/1040011
CVE Reference:   CVE-2017-17549
Date:  Dec 13 2017
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.5, 11.0, 11.1, 12.0
Description:   A vulnerability was reported in Citrix NetScaler. A remote user can obtain cleartext information in certain cases.

On systems using TLS with client certificates enabled and Diffie-Hellman Ephemeral (DHE) key exchange, a remote user can obtain cleartext traffic sent between the target system and a backend server.

The Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine are affected.

Citrix NetScaler MPX and NetScaler SDX hardware appliances are not affected.

IBM Security Team reported this vulnerability.

Impact:   A remote user can obtain cleartext traffic sent between the target system and a backend server.
Solution:   Citrix has issued a fix (10.5 build 67.13, 11.0 build 71.22, 11.1 build 56.19, 12.0 build 53.22).

The vendor advisory is available at:

https://support.citrix.com/article/ctx230612

Vendor URL:  support.citrix.com/article/ctx230612
Cause:   Access control error

Message History:   None.

