Medium severity5.9NVD Advisory· Published Aug 2, 2017· Updated May 13, 2026

CVE-2015-3642

Description

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

Affected products

Citrix Systems/Netscaler Application Delivery Controller
cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*
Citrix Systems/Netscaler Gateway
cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.citrix.com/article/CTX200378nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000