Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-04-03T14:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2015-04-03T00:00:00
Link: CVE-2015-2838
JSON object: View
NVD Information
Status : Modified
Published: 2015-04-03T14:59:01.240
Modified: 2018-10-09T19:56:30.203
Link: CVE-2015-2838
JSON object: View
Redhat Information
No data.
CWE