Vulnerability Details CVE-2020-10111
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html
- http://seclists.org/fulldisclosure/2020/Mar/11
- https://support.citrix.com/search
- http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html
- http://seclists.org/fulldisclosure/2020/Mar/11
- https://support.citrix.com/search
Products affected by CVE-2020-10111
-
cpe:2.3:o:citrix:gateway_firmware:11.1
-
cpe:2.3:o:citrix:gateway_firmware:12.0
-
cpe:2.3:o:citrix:gateway_firmware:12.1