{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T09:30:27.099","vulnerabilities":[{"cve":{"id":"CVE-2016-9028","sourceIdentifier":"cve@mitre.org","published":"2016-10-28T15:59:20.313","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31\/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header."},{"lang":"es","value":"Vulnerabilidad de redirección no autorizada en Citrix NetScaler ADC en versiones anteriores a 10.1 135.8, 10.5 61.11, 11.0 65.31\/65.35F y 11.1 47.14 permite a un atacante remoto robar las cookies de sesión de un usuario legítimo AAA a través de manipulación del cabecero del Host."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:M\/Au:N\/C:P\/I:P\/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1","matchCriteriaId":"D967EA02-A9F4-45EA-AD1D-56D8B1BC8335"},{"vulnerable":true,"criteria":"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*","matchCriteriaId":"D8C7525B-2A2D-43AF-8DA0-11FF28322337"},{"vulnerable":true,"criteria":"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*","matchCriteriaId":"CB678AF5-12B4-41D0-A381-46EE277313B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*","matchCriteriaId":"123D42E1-3CDD-4D46-82F6-8982DE716F7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9"}]}]}],"references":[{"url":"http:\/\/www.securityfocus.com\/bid\/93947","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http:\/\/www.securitytracker.com\/id\/1037175","source":"cve@mitre.org"},{"url":"https:\/\/support.citrix.com\/article\/CTX218361","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http:\/\/www.securityfocus.com\/bid\/93947","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http:\/\/www.securitytracker.com\/id\/1037175","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/support.citrix.com\/article\/CTX218361","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}