VYPR
Unrated severity · NVD Advisory · Published Mar 6, 2020 · Updated Aug 4, 2024

CVE-2020-10112


Description

Citrix Gateway 11.1, 12.0, and 12.1 are reported vulnerable to cache poisoning, though Citrix disputes the classification.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

Citrix Gateway versions 11.1, 12.0, and 12.1 are reported to allow cache poisoning [1]. The vulnerability involves manipulation of cached content served under specific URL paths. Citrix disputes that this is a vulnerability, stating that by default Citrix ADC caches only static content under certain paths for Gateway usage, and that no dynamic content is served there.

Exploitation

An attacker with network access could potentially poison the cache by sending crafted requests that cause the gateway to cache malicious content [1]. The exact prerequisites and steps are not fully detailed in the available reference.

Impact

Successful cache poisoning could lead to serving of malicious content to users, potentially resulting in information disclosure or further attacks [1]. However, Citrix argues that the cached content is static and not user-controllable, limiting impact.

Mitigation

Citrix has not released a patch as they dispute the vulnerability. Users are advised to review Citrix's guidance and consider restricting cacheable paths. No official fix is available [1].

References
  1. Packet Storm

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0. No patches discovered yet.
