Reference: CERT-EU Security Advisory 2014-044

Title: Citrix NetScaler Application Delivery Security Update [1]

Version history:
13.05.2014 Initial publication

Summary
=======

A number of security vulnerabilities have been identified in the management
component of the Citrix NetScaler Application Delivery Controller (ADC) and
NetScaler Gateway products. These vulnerabilities have been assigned the
following CVE numbers:

CVE-2014-2881: Weak implementation of Diffie-Hellman key agreement in Citrix
NetScaler Application Delivery Controller and NetScaler Gateway management GUI
Java applet.

CVE-2014-2882: Certificate validation vulnerability in Citrix NetScaler
Application Delivery Controller and NetScaler Gateway management GUI.

CVE-2014-2881 CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/AU:N/C:P/I:P/A:P) [2]
CVE-2014-2882 CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/AU:N/C:P/I:P/A:P)

Vulnerable systems
==================

These vulnerabilities are present in all versions of Citrix NetScaler ADC and
NetScaler Gateway prior to 10.1-122.17 and 9.3-66.5.

What can you do?
================

Upgrade following the provider instructions. [1]

What to tell your users?
========================

N/A

More information
================

[1] http://support.citrix.com/article/CTX140651
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2881
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2882

Best regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383