cvedb.io
CVE-2015-3642
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2017-08-02T19:29:00.477 · Last modified 2026-06-17T00:26:01.867

Summary

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

Affected products

citrix — netscaler_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when citrix ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.