CVE-2020-10111 - OpenCVE

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Gateway Firmware

Configuration 1 [-]

OR	cpe:2.3:o:citrix:gateway_firmware:11.1:::::::*
	cpe:2.3:o:citrix:gateway_firmware:12.0:::::::*
	cpe:2.3:o:citrix:gateway_firmware:12.1:::::::*

References

Link	Resource
http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html
http://seclists.org/fulldisclosure/2020/Mar/11	Exploit Mailing List Third Party Advisory
https://support.citrix.com/search	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-06T20:33:05

Updated: 2020-03-18T17:39:48

Reserved: 2020-03-05T00:00:00

Link: CVE-2020-10111

JSON object: View

NVD Information

Status : Modified

Published: 2020-03-06T21:15:15.187

Modified: 2024-05-17T01:40:53.183

Link: CVE-2020-10111

JSON object: View

Redhat Information

No data.

CWE

CWE-444

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-18T17:39:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.citrix.com/search"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2020/Mar/11"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10111", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.citrix.com/search", "refsource": "MISC", "url": "https://support.citrix.com/search"}, {"name": "http://seclists.org/fulldisclosure/2020/Mar/11", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/11"}, {"name": "http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10111", "datePublished": "2020-03-06T20:33:05", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2020-03-18T17:39:48", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:gateway_firmware:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A9E1122-685D-4C6E-9AB1-BEA083C61748", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:gateway_firmware:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F55378F-A72D-4F9D-AC28-58CD31761889", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:gateway_firmware:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A5FEE22-AA5A-4929-A761-90833CC36BB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization"}, {"lang": "es", "value": "** EN DISPUTA ** Citrix Gateway 11.1, 12.0 y 12.1 tiene una interpretaci\u00f3n inconsistente de las solicitudes HTTP. NOTA: Citrix cuestiona el comportamiento informado como un problema de seguridad. Citrix ADC solo almacena en cach\u00e9 el tr\u00e1fico HTTP / 1.1 para la optimizaci\u00f3n del rendimiento."}], "id": "CVE-2020-10111", "lastModified": "2024-05-17T01:40:53.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-06T21:15:15.187", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Mar/11"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/search"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}