CVE-2020-10110

06.03.2020, 21:15

Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitre	CNA	---				---
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Vendor	Product	Version
citrix	gateway_firmware	11.1
citrix	gateway_firmware	12.0
citrix	gateway_firmware	12.1

𝑥

= Vulnerable software versions

Known Exploits!

References

http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html

https://seclists.org/fulldisclosure/2020/Mar/7

https://support.citrix.com/search

http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html

https://seclists.org/fulldisclosure/2020/Mar/7

https://support.citrix.com/search