Information Exposure Through Caching in Citrix Gateway Products
CVE-2020-10110

5.3MEDIUM

Key Information:

Vendor
Citrix
Status
Gateway Firmware
Vendor
CVE Published:
6 March 2020

Summary

Citrix Gateway versions 11.1, 12.0, and 12.1 are susceptible to information exposure through caching mechanisms. This vulnerability occurs when cache headers in the response reveal non-sensitive information about cache protocols and their recipients. The 'Via' header details the protocols and recipients used during the request/response cycle, while the 'Age' header indicates the time a cached response has been stored. Although Citrix contests the classification of this issue as a vulnerability, awareness of how these cache headers can be accessed is crucial for maintaining security best practices.

References

https://support.citrix.com/search
x_refsource_MISC
https://seclists.org/fulldisclosure/2020/Mar/7
x_refsource_MISC
http://packetstormsecurity.com/files/156656/Citrix-Gatewa...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.