CVE-2015-7996
published 2015-11-17CVE-2015-7996: The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e…
PriorityP422medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.02%
59.2th percentile
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_application_delivery_controller_firmware | — | — |
| citrix | netscaler_application_delivery_controller_firmware | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway_firmware | — | — |
| citrix | netscaler_gateway_firmware | — | — |
| citrix | netscaler_service_delivery_appliance_service_vm | — | — |
| citrix | xenserver | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2015-7996: The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10
vendor_citrix·2015-11-17·CVSS 5.0
CVE-2015-7996 [MEDIUM] CWE-200 CVE-2015-7996: The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10
CVE-2015-7996: The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
Citrix
Citrix Security Bulletin CTX202482
vendor_citrix·CVSS 5.0
CVE-2015-7996 [MEDIUM] Citrix Security Bulletin CTX202482
Citrix Security Bulletin CTX202482
CVE References: CVE-2015-7996, CVE-2015-7997, CVE-2015-7998, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-25w8-v4rh-3fg2: The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10
ghsa_unreviewed·2022-05-17
CVE-2015-7996 [MEDIUM] CWE-200 GHSA-25w8-v4rh-3fg2: The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-11-17
Published