CVE-2015-2838
N/A
N/A
Summary
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/36442/
- https://www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.html
- http://packetstormsecurity.com/files/130937/Citrix-NITRO-SDK-Command-Injection.html
- http://www.securityfocus.com/archive/1/534936/100/0/threaded
- http://www.securityfocus.com/bid/73358
- http://seclists.org/fulldisclosure/2015/Mar/129
References
- https://www.exploit-db.com/exploits/36442/
- https://www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.html
- http://packetstormsecurity.com/files/130937/Citrix-NITRO-SDK-Command-Injection.html
- http://www.securityfocus.com/archive/1/534936/100/0/threaded
- http://www.securityfocus.com/bid/73358
- http://seclists.org/fulldisclosure/2015/Mar/129
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.