=====================================================================
                            CERT-Renater

                 Information Note No. 2014/VULN115
_____________________________________________________________________

DATE                 : 02/05/2014

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Citrix NetScaler Gateway
                       versions 10.x prior to 10.1.123.9,
                       Citrix Access Gateway Enterprise Edition
                       versions 9.x prior to 9.3.66.5.

======================================================================
http://support.citrix.com/article/CTX140291
______________________________________________________________________

Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway, formerly Citrix Access Gateway Enterprise Edition

CTX140291
Created On Apr 30, 2014
Updated On Apr 30, 2014
Security Bulletin

Severity: Medium

Description of Problem

A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition. This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if this vulnerability is used to execute script in the browser of an authenticated user, then the script may be able to gain access to the authenticated user's session or other potentially sensitive information.

This vulnerability has been assigned the following CVE number:

CVE-2014-1899: Cross-Site Scripting vulnerability in Citrix NetScaler Gateway, formerly Citrix Access Gateway Enterprise Edition.

This vulnerability is present in all versions of Citrix NetScaler Gateway 10.x earlier than version 10.1.123.9 and all versions of Citrix Access Gateway Enterprise Edition 9.x earlier than 9.3.66.5.

What Customers Should Do

This vulnerability has been addressed in new versions of the Citrix NetScaler Gateway software.
Citrix recommends that customers upgrade their Citrix NetScaler Gateway appliances

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================