Vulnerability category: Local
Severity:
Vulnerability details
Citrix NetScaler Application Delivery Controller (ADC) is an application delivery management solution.
Citrix has addressed an unauthorized redirect vulnerability that could allow an attacker to obtain the session cookies of a redirected AAA (authentication, authorization and auditing) user.
The following versions are affected:
1) Version 11.0 earlier than 11.0 Build 65.31/65.35F
2) Version 10.5 earlier than 10.5 Build 61.11
3) Version 10.1 earlier than 10.1 Build 135.8
Impact
Successful exploitation allows an attacker to hijack the session of the redirected AAA user.
Solution
Customers are advised to update to the following fixed builds:
1) Version 11.0 - 11.0 Build 65.31/65.35F
2) Version 10.5 - 10.5 Build 61.11
3) Version 10.1 - 10.1 Build 135.8
For version 10.1, updating to 10.1 Build 135.8 alone does not fully address the vulnerability; additional configuration is required. In the NSCLI, perform the following steps:
1) Confirm that the load balancing virtual server's IP address is not routable from outside, so that external clients cannot reach the load balancing virtual server directly.
2) Bind a service that points to the back-end server to the load balancing virtual server, so that traffic accepted by the load balancing virtual server is routed to the back-end.
3) Configure an externally routable content switching virtual server with a content switching policy that matches only valid FQDNs or IP addresses and forwards matching requests to the load balancing virtual server.
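The following NSCLI configuration is an added example of the three steps above; it is not taken from the Citrix advisory. All object names, the IP addresses (RFC 1918 and documentation ranges), the hostname app.example.com and the AAA virtual server aaa_vs are assumptions, and the AAA hand-off line assumes an AAA virtual server already exists. The policy uses the default (advanced) expression syntax with an escaped double-quoted rule, which 10.1 accepts; lines beginning with "#" are explanatory and are ignored by the CLI, as in a running configuration dump.

```nscli
# Added example for the 10.1 workaround (not Citrix's own configuration).
# All names, addresses and the hostname below are assumed.

# 1) Load balancing vserver on an internal address that is not routed from
#    the Internet, so an external client cannot hit it directly.
add lb vserver lb_app_internal HTTP 10.10.10.10 80

# 2) Service for the back-end application server, bound to the LB vserver.
add service svc_app_backend 10.20.0.5 HTTP 80
bind lb vserver lb_app_internal svc_app_backend

# AAA hand-off (assumed: an AAA vserver named aaa_vs already exists).
set lb vserver lb_app_internal -authentication ON -authnVsName aaa_vs

# 3) Externally routable content switching vserver on the public VIP. Only
#    requests whose Host header is the valid FQDN or the VIP itself are
#    forwarded to the LB vserver. No default LB vserver is bound on purpose,
#    so a request for any other host name has no target.
add cs vserver cs_app_public HTTP 203.0.113.10 80
add cs policy cs_pol_valid_host -rule "HTTP.REQ.HOSTNAME.EQ(\"app.example.com\") || HTTP.REQ.HOSTNAME.EQ(\"203.0.113.10\")"
bind cs vserver cs_app_public -policyName cs_pol_valid_host -targetLBVserver lb_app_internal -priority 100

# Verify the result.
show cs vserver cs_app_public
show lb vserver lb_app_internal
save ns config
```

Two checks worth making after applying this: `show lb vserver lb_app_internal` should report an address that is not reachable from the Internet (test with a connection attempt from an external host), and `show cs vserver cs_app_public` should list the policy binding with no default target. Note that HTTP.REQ.HOSTNAME returns the Host header including any port suffix the client sent, so a deployment that accepts `Host: app.example.com:80` needs that form matched as well.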