Vulnerability in Citrix NetScaler
CVE-2015-2841
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
EPSS: 0.044 (89.2th percentile)
Affected products
- Citrix NetScaler — versions 10.5
Weakness classification (CWE)
References
- 1031928 (vdb-entry, x_refsource_SECTRACK)
- 36369 (exploit, x_refsource_EXPLOIT-DB)
- 20150316 Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution (mailing-list, Exploit, x_refsource_FULLDISC)