CVE-2015-3642

MEDIUM

Citrix NetScaler <9.3.68.5, 10.0-10.1.e-10.5.e - Info Disclosure

Title source: llm

Description

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

References (1)

[Vendor Advisory] http://support.citrix.com/article/CTX200378

Scores

CVSS v3 5.9

EPSS 0.0029

EPSS Percentile 52.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (3)

citrix/netscaler_application_delivery_controller

citrix/netscaler_gateway

n/a/n/a

Published Aug 02, 2017

Tracked Since Feb 18, 2026