CVE-2020-10112
Summary
| CVE | CVE-2020-10112 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-03-06 21:15:00 UTC |
| Updated | 2023-11-07 03:14:00 UTC |
| Description | ** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default. |
Risk And Classification
Problem Types: CWE-444
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Citrix | Gateway Firmware | 11.1 | All | All | All |
| Operating System | Citrix | Gateway Firmware | 12.0 | All | All | All |
| Operating System | Citrix | Gateway Firmware | 12.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: [SYSS-2020-005] Cache Poisoning (CAPEC-141) in Citrix Gateway (CVE-2020-10112) | MISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| Search | MISC | support.citrix.com | Vendor Advisory |
| Citrix Gateway 11.1 / 12.0 / 12.1 Cache Poisoning ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.