Cache Poisoning Vulnerability in Citrix Gateway by Citrix
CVE-2020-10112

5.4 MEDIUM

Key Information:

Vendor
Citrix
CVE Published:
6 March 2020

Summary

Citrix Gateway versions 11.1, 12.0, and 12.1 are susceptible to a cache poisoning vulnerability. It occurs when static content served under specific URL paths is improperly cached, which can potentially lead to unintended data exposure. Citrix asserts that only static content is cached for certain paths associated with Citrix Gateway usage, meaning dynamic content is not affected and the cached content will not change based on varying parameters. Therefore, while some concerns about this vulnerability have been raised, the vendor maintains that cached pages remain stable under normal operations.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
