Jump to content
Welcome to our new Citrix community!

Generic Cross-Site Request Forgery

Tomislav Turk

Recommended Posts

Hi all,


One of our customers is using NetScaler MPX 10.1-124.13 Standard for load balancing and as a NetScaler Gateway.


During recent security scan of Gateway logon point the "CGI Generic Cross-Site Request Forgery (Potential)" was detected.


According to http://support.citrix.com/article/CTX139049 this vulnerability has been addressed in firmware 10.1-118.7 and later.


Since the customer is using FW version that shoud be safe is this a false positive alert ?


If not, is is feasible to solve this without AppFirewall (http://support.citrix.com/proddocs/topic/ns-security-10-map/appfw-checks-form-csrf-con.html).


They would need additional license for that, and this was discovered on Gateway component.


Kind regards,








Link to comment
Share on other sites

  • 1 month later...
  • 8 months later...
  • 3 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...