MikeStreetz (0)

Last Login: July 21, 2023

Assessments

Score

MikeStreetz's Latest (2) Contributions

Sort by:

Filter by:

MikeStreetz replied to rbowes-r7's assessment of CVE-2023-3519

July 21, 2023 9:25pm UTC (9 months ago)

now there’s this (https://bishopfox.com/blog/citrix-adc-gateway-rce-cve-2023-3519) too, which suggests that the SAML thing is something else that got patched, because they exploited something they think is cve-2023-3519 without needing SAML enabled at all.

MikeStreetz replied to rbowes-r7's assessment of CVE-2023-3519

July 20, 2023 4:53pm UTC (9 months ago)

If this is a buffer overflow in SAML, wouldn’t you essentially need to be the IDP to pull this off? How else are you able to send SAML Assertions that the netscaler wouldn’t otherwise drop?

MikeStreetz (0)

Last Login: July 21, 2023

MikeStreetz's Latest (2) Contributions

Quick Cookie Notification