CVE-2015-2841
published 2015-04-03CVE-2015-2841: Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as…
PriorityP432medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
5.54%
91.9th percentile
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | netscaler | — | — |
| citrix | netscaler_adc_gateway | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h3fj-247x-cqr8: Citrix NetScaler AppFirewall, as used in NetScaler 10
ghsa_unreviewed·2022-05-17
CVE-2015-2841 [MEDIUM] CWE-284 GHSA-h3fj-247x-cqr8: Citrix NetScaler AppFirewall, as used in NetScaler 10
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
Citrix
CVE-2015-2841: Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type h
vendor_citrix·2015-04-03·CVSS 5.0
CVE-2015-2841 [MEDIUM] CWE-284 CVE-2015-2841: Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type h
CVE-2015-2841: Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
No detection rules found.
No writeups or analysis indexed.
2015-04-03
Published