CVE-2015-2841

Citrix NetScaler 10.5 - Firewall Bypass via Content-Type Header Manipulation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2841. PoCs published by BGA Security.

AI-analyzed exploit summary This is a detailed advisory describing an HTTP Header Pollution vulnerability in Citrix Netscaler NS10.5 WAF, allowing bypass of SQL injection protections by manipulating Content-Type headers. The PoC demonstrates a SOAP request with SQLi payload that bypasses the WAF when specific headers are included.

Description

Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.

Exploits (1)

exploitdb WRITEUP
by BGA Security · textwebappsxml
https://www.exploit-db.com/exploits/36369

This is a detailed advisory describing an HTTP Header Pollution vulnerability in Citrix Netscaler NS10.5 WAF, allowing bypass of SQL injection protections by manipulating Content-Type headers. The PoC demonstrates a SOAP request with SQLi payload that bypasses the WAF when specific headers are included.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Citrix Netscaler NS10.5
No auth needed
Prerequisites: Access to a vulnerable Citrix Netscaler NS10.5 WAF · A backend web service vulnerable to SQL injection
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id/1031928
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36369/
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Mar/95

Scores

EPSS 0.0554
EPSS Percentile 91.9%

Details

CWE
CWE-284
Status published
Products (1)
citrix/netscaler 10.5
Published Apr 03, 2015
Tracked Since Feb 18, 2026