VAR-201704-1524
Vulnerability from variot - Updated: 2025-04-20 23:34A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Citrix NetScaler Gateway is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: Citrix NetScaler Gateway 11.1 prior to 11.1 Build 52.13 Citrix NetScaler Gateway 11.0 prior to 11.0 Build 70.12 Citrix NetScaler Gateway 10.5 prior to 10.5 Build 65.11 Citrix NetScaler Gateway 10.1 prior to 10.1 Build 135.8 Citrix NetScaler Gateway 10.1 prior to 10.1 Build 135.12. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1524",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.9,
"vendor": "citrix",
"version": "11.1"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.9,
"vendor": "citrix",
"version": "11.0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.9,
"vendor": "citrix",
"version": "10.5"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 1.9,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "11.0 build 70.12"
},
{
"model": "netscaler gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5"
},
{
"model": "netscaler gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "11.1"
},
{
"model": "netscaler gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "11.0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "11.1 build 52.13"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.5 build 65.11"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1 build 135.8/135.12"
},
{
"model": "netscaler gateway build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "11.152.13"
},
{
"model": "netscaler gateway build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "11.070.12"
},
{
"model": "netscaler gateway build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "10.565.11"
},
{
"model": "netscaler gateway build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1135.8"
},
{
"model": "netscaler gateway build",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "10.1135.12"
}
],
"sources": [
{
"db": "BID",
"id": "97626"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-913"
},
{
"db": "NVD",
"id": "CVE-2017-7219"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:citrix:netscaler_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alain Mowat",
"sources": [
{
"db": "BID",
"id": "97626"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7219",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-7219",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-115422",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7219",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7219",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7219",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-913",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-115422",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-7219",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115422"
},
{
"db": "VULMON",
"id": "CVE-2017-7219"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-913"
},
{
"db": "NVD",
"id": "CVE-2017-7219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Citrix NetScaler Gateway is prone to a heap-based buffer-overflow vulnerability. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are affected:\nCitrix NetScaler Gateway 11.1 prior to 11.1 Build 52.13\nCitrix NetScaler Gateway 11.0 prior to 11.0 Build 70.12\nCitrix NetScaler Gateway 10.5 prior to 10.5 Build 65.11\nCitrix NetScaler Gateway 10.1 prior to 10.1 Build 135.8\nCitrix NetScaler Gateway 10.1 prior to 10.1 Build 135.12. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7219"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"db": "BID",
"id": "97626"
},
{
"db": "VULHUB",
"id": "VHN-115422"
},
{
"db": "VULMON",
"id": "CVE-2017-7219"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7219",
"trust": 2.9
},
{
"db": "BID",
"id": "97626",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1038283",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-913",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-93072",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-115422",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7219",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115422"
},
{
"db": "VULMON",
"id": "CVE-2017-7219"
},
{
"db": "BID",
"id": "97626"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-913"
},
{
"db": "NVD",
"id": "CVE-2017-7219"
}
]
},
"id": "VAR-201704-1524",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115422"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:34:26.610000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CTX222657",
"trust": 0.8,
"url": "https://support.citrix.com/article/CTX222657"
},
{
"title": "Citrix Security Bulletins: CVE-2017-7219 - Heap Overflow Vulnerability in Citrix NetScaler Gateway Could Result in Arbitrary Code Execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=af212df1e1bcdd960e33f0c7f7331b7a"
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-7219"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115422"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"db": "NVD",
"id": "CVE-2017-7219"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://support.citrix.com/article/ctx222657"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/97626"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1038283"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7219"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7219"
},
{
"trust": 0.3,
"url": "http://www.citrix.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115422"
},
{
"db": "VULMON",
"id": "CVE-2017-7219"
},
{
"db": "BID",
"id": "97626"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-913"
},
{
"db": "NVD",
"id": "CVE-2017-7219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115422"
},
{
"db": "VULMON",
"id": "CVE-2017-7219"
},
{
"db": "BID",
"id": "97626"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-913"
},
{
"db": "NVD",
"id": "CVE-2017-7219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-115422"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7219"
},
{
"date": "2017-04-12T00:00:00",
"db": "BID",
"id": "97626"
},
{
"date": "2017-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"date": "2017-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-913"
},
{
"date": "2017-04-13T14:59:01.900000",
"db": "NVD",
"id": "CVE-2017-7219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-115422"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7219"
},
{
"date": "2017-04-18T00:06:00",
"db": "BID",
"id": "97626"
},
{
"date": "2017-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003203"
},
{
"date": "2018-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-913"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-913"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix NetScaler Gateway Heap overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003203"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-913"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…