{"api_version":"1","generated_at":"2026-04-23T13:24:58+00:00","cve":"CVE-2015-7996","urls":{"html":"https://cve.report/CVE-2015-7996","api":"https://cve.report/api/cve/CVE-2015-7996.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-7996","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-7996"},"summary":{"title":"CVE-2015-7996","description":"The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2015-11-17 15:59:00","updated_at":"2016-12-07 18:25:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1034167","name":"1034167","refsource":"SECTRACK","tags":[],"title":"Citrix NetScaler Service Delivery Appliance Bugs Let Local Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Scripting Attack and Obtain Passwords - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.citrix.com/article/CTX202482","name":"http://support.citrix.com/article/CTX202482","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Citrix NetScaler Service Delivery Appliance and Citrix CloudBridge WAN Optimization Appliance Multiple Security Updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-7996","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7996","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_application_delivery_controller_firmware","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_application_delivery_controller_firmware","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_application_delivery_controller_firmware","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_application_delivery_controller_firmware","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_gateway_firmware","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_gateway_firmware","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_gateway_firmware","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_gateway_firmware","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_service_delivery_appliance_service_vm","cpe6":"10.5e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7996","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_service_delivery_appliance_service_vm","cpe6":"10.5e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-7996","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1034167","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1034167"},{"name":"http://support.citrix.com/article/CTX202482","refsource":"CONFIRM","url":"http://support.citrix.com/article/CTX202482"}]}},"nvd":{"publishedDate":"2015-11-17 15:59:00","lastModifiedDate":"2016-12-07 18:25:00","problem_types":["CWE-200"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"7996","Ordinal":"85012","Title":"CVE-2015-7996","CVE":"CVE-2015-7996","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"7996","Ordinal":"1","NoteData":"The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"7996","Ordinal":"2","NoteData":"2015-11-17","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"7996","Ordinal":"3","NoteData":"2016-12-05","Type":"Other","Title":"Modified"}]}}}