Medium severity5.9NVD Advisory· Published Aug 2, 2017· Updated Jun 17, 2026
CVE-2015-3642
CVE-2015-3642
Description
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Affected products
4cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*
- (no CPE)range: < 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e
- cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*
- Range: < 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e
Patches
Vulnerability mechanics
References
1- support.citrix.com/article/CTX200378nvdVendor Advisory
News mentions
0No linked articles in our index yet.