Inconsistent HTTP Request Handling in Citrix Gateway Products
CVE-2020-10111

7.5HIGH

Key Information:

Vendor

Citrix
Status
Gateway Firmware
Vendor
CVE Published:
6 March 2020

What is CVE-2020-10111?

Citrix Gateway versions 11.1, 12.0, and 12.1 exhibit an inconsistent interpretation of HTTP requests which may lead to unexpected behaviors. Citrix contends that the behavior does not constitute a security vulnerability but pertains to the caching optimization for HTTP/1.1 traffic. This discrepancy in request handling could potentially allow unauthenticated accesses under certain circumstances, raising concerns among network security professionals.

References

https://support.citrix.com/search
x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Mar/11
x_refsource_MISC
http://packetstormsecurity.com/files/156661/Citrix-Gatewa...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.