On October 10, 2023, Cloud Software Group released builds to fix CVE-2023-4966, which affects NetScaler ADC and NetScaler Gateway. If exploited, CVE-2023-4966 can result in unauthorized data disclosure. This vulnerability was discovered by our internal team, and at the time of disclosure, we were not aware of any exploits in the wild. We now have reports of incidents … [Read more...] about CVE-2023-4966: Critical security update now available for NetScaler ADC and NetScaler Gateway
How to mitigate the HTTP/2 Rapid Reset vulnerability on NetScaler
On October 10, 2023, the National Institute of Standards and Technology (NIST) published CVE-2023-44487 that describes a potential issue with many HTTP/2 implementations: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October … [Read more...] about How to mitigate the HTTP/2 Rapid Reset vulnerability on NetScaler
Critical security update now available for NetScaler ADC and NetScaler Gateway
Updated September 8, 2003, with additional guidance from the Cybersecurity and Infrastructure Security Agency (CISA) On July 18, 2023, Cloud Software Group released builds to fix CVE-2023-3519, which affects NetScaler ADC and NetScaler Gateway if they are configured as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy ) or AAA virtual server. If exploited, … [Read more...] about Critical security update now available for NetScaler ADC and NetScaler Gateway