Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞
| CNNVD-ID编号 | CNNVD-201912-908 | CVE编号 | CVE-2019-19781 |
| 发布时间 | 2019-12-18 | 更新时间 | 2020-02-11 |
| 漏洞类型 | 路径遍历 | 漏洞来源 | Dhiraj Mishra,Ramella Sebastien,Mishra Dhiraj |
| 危险等级 | 超危 | 威胁类型 | 远程 |
| 厂商 | N/A | ||
漏洞介绍
Citrix Systems NetScaler Gateway(Citrix Systems Gateway)和Citrix Application Delivery Controller(ADC)都是美国思杰系统(Citrix Systems)公司的产品。Citrix Systems NetScaler Gateway是一套安全的远程接入解决方案。该方案可为管理员提供应用级和数据级管控功能,以实现用户从任何地点远程访问应用和数据。Citrix Application Delivery Controller是一款应用交付控制器。该产品具有应用交付控制和负载均衡等功能。
Citrix ADC和Citrix Systems Gateway中存在安全漏洞。攻击者可利用该漏洞执行代码。
漏洞补丁
目前厂商暂未发布升级补丁解决此安全问题,但提供了临时修复措施,详情请参考链接:
https://support.citrix.com/article/CTX267679
参考网址
来源:MISC
来源:MISC
链接:https://forms.gle/eDf3DXZAv96oosfj6
来源:MISC
链接:https://twitter.com/bad_packets/status/1215431625766424576
来源:MISC
链接:https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/
来源:CERT-VN
链接:https://www.kb.cert.org/vuls/id/619785
来源:MISC
来源:MISC
来源:MISC
来源:support.citrix.com
链接:https://support.citrix.com/article/CTX267027
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4708/
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-19781
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4708.8/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html
来源:www.exploit-db.com
链接:https://www.exploit-db.com/exploits/47901
来源:packetstormsecurity.com
来源:packetstormsecurity.com
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4708.4/
受影响实体
暂无
信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201912-908
评论