Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

CVE-2019-19781

What Customers Should Do
Exploits of this issue on unmitigated appliances have been observed in the wild. Citrix strongly urges affected customers to immediately upgrade to a fixed build OR apply the provided mitigation which applies equally to Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP deployments. Customers who have chosen to immediately apply the mitigation should then upgrade all of their vulnerable appliances to a fixed build of the appliance at their earliest schedule. Subscribe to bulletin alerts at https://support.citrix.com/user/alerts to be notified when the new fixes are available.

The following knowledge base article contains the steps to deploy a responder policy to mitigate the issue in the interim until the system has been updated to a fixed build: CTX267679 - https://support.citrix.com/article/CTX267679

What Customers Should Do
Exploits of this issue on unmitigated appliances have been observed in the wild. Citrix strongly urges affected customers to immediately upgrade to a fixed build OR apply the provided mitigation which applies equally to Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP deployments. Customers who have chosen to immediately apply the mitigation should then upgrade all of their vulnerable appliances to a fixed build of the appliance at their earliest schedule. Subscribe to bulletin alerts at <a href="https://support.citrix.com/user/alerts">https://support.citrix.com/user/alerts</a> to be notified when the new fixes are available.
The following knowledge base article contains the steps to deploy a responder policy to mitigate the issue in the interim until the system has been updated to a fixed build: CTX267679 - <a href="https://support.citrix.com/article/CTX267679">https://support.citrix.com/article/CTX267679</a>

Apply Mitigation Steps for CVE-2019-19781


Art Manion and Will Dormann report:


	    By using an older and less-secure form of open(), it is
	    possible for untrusted template files to cause reads/writes
	    outside of the template directories. This vulnerability is
	    a component of the recent Citrix exploit.
	  



Art Manion and Will Dormann report:
<pre><code> By using an older and less-secure form of open(), it is
 possible for untrusted template files to cause reads/writes
 outside of the template directories. This vulnerability is
 a component of the recent Citrix exploit.</code></pre>

FreeBSD

Template::Toolkit -- Directory traversal on write

Featured CVEs

Feed of the featured CVEs from Vulcan Remedy Cloud.

Vulcan Remedy Cloud - Featured CVEs

Thank you for downloading from Remedy Cloud!

Please fill out the form to download the CSV

Your Script is On It's Way!

Tell us where to send the script

Your Email Was Successfully Sent!

Email

Your Name

Your fix has been sent successfully!

Suggest a Fix

Search for a CVE below to see all the available fixes

Remedy Cloud

Loading - Vulcan Remedy Cloud

The page you are looking for was moved, removed, renamed or might never existed.

CVE-2019-19781

2 fixes found:

Workaround

Apply Mitigation Steps for CVE-2019-19781

Version Update

Template::Toolkit -- Directory traversal on write