Citrix NetScaler / Access Gateway Denial of Service Vulnerability

Secunia ID	SA37271
Release Date	06 Nov 2009
Criticality	Moderately Critical
Solution Status	Vendor Patch
Where	From remote
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Description	A vulnerability has been reported in multiple Citrix products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in the "URL Transform", "Application Firewall", and "AGEE Clientless VPN" features and can be exploited to cause a DoS. The vulnerability is reported in firmware versions 9.0 prior to build 70.5 and firmware versions 9.1 prior to build 96.4 of the following products: * Citrix NetScaler * Citrix Access Gateway Enterprise Edition * Citrix NetScaler Application Firewall
Solution	Update to the latest firmware version. Citrix NetScaler and Citrix NetScaler Application Firewall: https://www.citrix.com/English/ss/downloads/results.asp?productID=21679 Citrix Access Gateway Enterprise Edition: https://www.citrix.com/English/ss/downloads/results.asp?productID=15005
Reported by	The vendor credits Rob Carter and Nathan McFeters of Ernst & Young's Advanced Security Center, and Neel Mehta of Google Security Team.
Original Advisory	http://support.citrix.com/article/CTX123060