Jump to content
Welcome to our new Citrix community!

NetScaler J-Query vulnerability


Nick Potts

Recommended Posts

Does anyone know if the NetScaler 12 and onwards is vulnerable to the following 

 

CVE-2019-11358 - jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

 

Thanks in advance

Link to comment
Share on other sites

  • 5 weeks later...
  • 4 weeks later...
On 5/11/2019 at 9:06 PM, Nick Potts said:

Does anyone know if the NetScaler 12 and onwards is vulnerable to the following 

 

CVE-2019-11358 - jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

 

Thanks in advance

 

Yes, we found that latest Netscaler firmwares from version 12 up to 13 is vulnerable to CVE-2019-11358 and the fix will be included in the next firmware release on Q3 of this year.

 

For the meantime, we got a workaround that was verified by Citrix support. 

 

https://www.jessmartin.ca/2019/07/03/netscalerjqueryvulnerability/

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

I had the same issue last time and opened a ticket with citrix support. The solution i posted is a joint effort from me and citrix support. They tested it on their side and confirmed an acceptable  solution. You can open a ticket to them if you want to make sure. They also told me that the fix will be on next release.

Link to comment
Share on other sites

21 hours ago, Jonathan Chung1709159231 said:

We did open a ticket to Citrix Support and got the same answer that fix would be in next release. I asked them if there was a committed date but Citrix Support could not provide that. I asked them to keep the ticket opened until they confirmed the date. However, they have closed the ticket now. This is not acceptable.

 


Yesterday I opened a ticket and received the same response.  I asked for a ticket escalation and their security team provided me with the work around, similar to as documented by Jesus Martin.

Link to comment
Share on other sites

  • 11 months later...

Hello all,

 

Be advised in some situations Support does not have any information other than if a fix is going to be in a future release. We archive/Close these cases in order to track the issue better. Escalation would be in the same situation as the originating Support Engineer.

The best way to track this , right here on the discussion forums as well as secure@citrix.com. They are the best point of contact to address your security concerns. Hope this information helps. 

image.png

Link to comment
Share on other sites

  • 3 months later...
  • 1 year later...
  • 1 month later...

For anyone who comes across to this, this is the statement from Citrix:

 

This is indeed being looked into by our development team to fix the vulnerability in the future releases to come.
We have got a BUG NSHELP-30209 opened from our side and development team is working on the same. As of now it is difficult to say in which release the fix would be coming in.
You can check this BUG no in the release notes of future builds which will have the fix.

 

Will check future firmware builds for NSHELP-30209.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...