Cache Poisoning Vulnerability in Citrix Gateway by Citrix
CVE-2020-10112

5.4MEDIUM

Key Information:

Vendor

Citrix
Status
Gateway Firmware
Vendor
CVE Published:
6 March 2020

What is CVE-2020-10112?

The Citrix Gateway product versions 11.1, 12.0, and 12.1 are susceptible to a cache poisoning vulnerability. This occurs when static content served under specific URL paths is improperly cached, which can potentially lead to unintended data exposure. Citrix asserts that only static content is cached for certain paths associated with Citrix Gateway usage, meaning dynamic content is not affected and will not change based on varying parameters. Therefore, while some concerns about this vulnerability have been raised, the vendor maintains that cached pages remain stable under normal operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://support.citrix.com/search
x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Mar/8
x_refsource_MISC
http://packetstormsecurity.com/files/156660/Citrix-Gatewa...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.