
JQuery < 3.4.0 Object Prototype Pollution Vulnerability on PCI Scan for Netscaler NS11.1: Build 58.13.nc


Jacob Haugh


Good Afternoon,

 

We have a customer using NetScaler NS11.1: Build 58.13.nc and they had a PCI Scan that was run and failed on CVE-2015-9251 - JQuery < 3.4.0 Object Prototype Pollution Vulnerability.

 

Currently the customer is on NetScaler version 11 and has a jQuery version below 3.3.

 

They want to remediate the PCI Scan failure, so I am wondering whether the current version 11 NetScaler allows for an upgrade of the jQuery component to above 3.4, or whether we need to advise the customer to upgrade to a newer version of NetScaler.

 

I have found the following article that relates to this issue but is a more updated CVE related to NetScaler version 12.

https://discussions.citrix.com/topic/402998-netscaler-j-query-vulnerability/#comment-2041568

 

Thanks for your assistance to resolve this.


  • 3 months later...

There is no question, as there is a much more serious problem with this version. Your customer has to upgrade immediately, mainly due to CVE-2019-19781 (he is very likely currently running a bunch of malware on his system).

 

I would strongly recommend signing up to Citrix security alert mails immediately! The idea that my credit card could have been stored inside an environment like that drives me mad. There is nothing like patching. Citrix just provides firmware upgrades. I would go to 12.1. It's stable and it's way ahead of 11.1. I wrote down my thoughts about upgrading.

 

Cheers

 

Johannes Norz

CCI, CCE-N, CTA
