Release date:
Updated on:
Affected Systems:
Citrix NetScaler Gateway 9.x
Citrix NetScaler Gateway 10.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67177
CVE (CAN) ID: CVE-2014-1899
Citrix Access Gateway is a common ssl vpn device.
The cross-site scripting vulnerability exists in Citrix NetScaler Gateway versions earlier than 10.1.123.9 and 9.3.66.5. Remote attackers can exploit this vulnerability to execute arbitrary code in the context of the affected site.
<* Source: Benjamin Matt
Thierry Zoller
Link: https://support.citrix.com/article/CTX140291
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Citrix
------
Citrix has released a Security Bulletin (CTX140291) and corresponding patches for this:
CTX140291: Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway, formerly Citrix Access Gateway Enterprise Edition
Link: https://support.citrix.com/article/CTX140291
Patch download:
Https://www.citrix.com/downloads/netscaler-gateway/product-software.html
This article permanently updates the link address: