← Back

CVE-2016-9028

nvd nist
Published: Oct 28, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.

Affected (4)

Citrix
1 product
Netscaler Application Delivery Controller Firmware
Configuration A
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Citrix
Netscaler Application Delivery Controller Firmware
Up to 10.1
Netscaler Application Delivery Controller Firmware
Version 10.5
Netscaler Application Delivery Controller Firmware
Version 11.0
Netscaler Application Delivery Controller Firmware
Version 11.1
Running on/withPlatform Versions
Citrix
Netscaler Application Delivery Controller
All versions

Related CWEs

CWE-254
CWE-254

References (6)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.