← voltar
CVE-2015-2838

CVE-2015-2838

EPSS 2.9%
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
Produtos afetados
n/a · n/a
PoCs públicas encontradas3
cve_referencepacketstormsecurity.com/files/130937/Citrix-NITRO-SDK-Command-Injection.htmlnão verificadocve_referencewww.exploit-db.com/exploits/36442/não verificadoexploitdbwww.exploit-db.com/exploits/36442não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/130937/Citrix-NITRO-SDK-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Mar/129https://www.exploit-db.com/exploits/36442/https://www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.htmlhttp://www.securityfocus.com/archive/1/534936/100/0/threadedhttp://www.securityfocus.com/bid/73358