VYPR
Medium severity5.9NVD Advisory· Published Aug 2, 2017· Updated Jun 17, 2026

CVE-2015-3642

CVE-2015-3642

Description

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

Affected products

4
  • cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*
    • (no CPE)range: < 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e
  • cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*
  • Range: < 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.