Inconsistent HTTP Request Handling in Citrix Gateway Products
CVE-2020-10111
7.5 HIGH
Summary
Citrix Gateway versions 11.1, 12.0, and 12.1 interpret HTTP requests inconsistently, which may lead to unexpected behavior. Citrix contends that the behavior is not a security vulnerability and instead pertains to caching optimization for HTTP/1.1 traffic. This discrepancy in request handling could potentially allow unauthenticated access under certain circumstances, raising concerns among network security professionals.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved