Generic Cross-Site Request Forgery


Tomislav Turk

Hi all,

One of our customers is using NetScaler MPX 10.1-124.13 Standard for load balancing and as a NetScaler Gateway.

During a recent security scan of the Gateway logon point, the "CGI Generic Cross-Site Request Forgery (Potential)" was detected.

According to http://support.citrix.com/article/CTX139049 this vulnerability has been addressed in firmware 10.1-118.7 and later.

Since the customer is using a FW version that should be safe, is this a false positive alert?

If not, is it feasible to solve this without AppFirewall (http://support.citrix.com/proddocs/topic/ns-security-10-map/appfw-checks-form-csrf-con.html)?

They would need an additional license for that, and this was discovered on the Gateway component.

Kind regards,

Tomislav
