Customers should ensure that their deployments follow the Citrix Secure Deployment Guide (http://support.citrix.com/article/CTX129514).
New versions of the Citrix NetScaler ADC firmware and NetScaler Gateway software have been released to address this vulnerability. Citrix recommends that affected customers upgrade to a version of the NetScaler appliance firmware that contains the fix for this issue as soon as they are able to do so.
This vulnerability has been addressed in the following firmware versions:
- Citrix NetScaler ADC and Gateway version 10.5 Build 56.15 and 10.5.e Build 56.1505.e and later
- Citrix NetScaler ADC and Gateway version 10.1 Build 132.8 and later
These versions can be obtained from the following locations:
NetScaler ADC Firmware
https://www.citrix.com/downloads/netscaler-adc/firmware.html
NetScaler ADC Virtual Appliance
https://www.citrix.com/downloads/netscaler-adc/virtual-appliances.html
NetScaler Gateway Product Software
https://www.citrix.com/downloads/netscaler-gateway/product-software.html