← Back

CVE-2015-3642

nvd nist
Published: Aug 2, 2017Modified: May 13, 2026

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

Affected (2)

Citrix
2 products
Netscaler Application Delivery Controller
Netscaler Gateway
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Netscaler Application Delivery Controller
All versions
Configuration B
1 vulnerable · 8 platform
Vulnerable SoftwareAffected Versions
Netscaler Gateway
All versions
Running on/withPlatform Versions
Citrix
Netscaler Firmware
Version 10.0
Citrix
Netscaler Firmware
Version 10.1
Citrix
Netscaler Firmware
Version 10.1e
Citrix
Netscaler Firmware
Version 10.5
Citrix
Netscaler Firmware
Version 10.5e
Citrix
Netscaler Firmware
Version 9.0
Citrix
Netscaler Firmware
Version 9.1
Citrix
Netscaler Firmware
Version 9.2

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.