
Netscaler hosted sites drop from A to F - POODLE TLS detection

Question asked by Jennifer Thomas on Aug 12, 2015
Latest reply on Aug 31, 2015 by Jennifer Thomas

We recently (over the last day) started getting an “F” rating on our sites hosted by the Netscaler due to the POODLE TLS vulnerability (CVE-2014-8730); however, everything I have been told by Citrix is that our build (10.5.53.9 nc) is not vulnerable. The TLS variant of the vulnerability came out in December of 2014, after SSLv3. We have had a score of A as recently as June 2015. There are some other grumblings on the Qualys’ Community board, as well as out in the wild, regarding people having a sudden drop in grade from A to F for NetScalers and Cisco ACE devices. Unfortunately, I have not been able to find much info on why the sudden change in grade level (from A to F) after no changes on our end and no new TLS POODLE vulnerabilities. Any insight you could provide would be very helpful. Citrix support still states our build is not vulnerable to (CVE-2014-8730).

Here are some links I referenced:

http://discussions.citrix.com/topic/358751-return-of-poodle-on-tls-cve-2014-8730/

https://vivaldi.net/en-US/blogs/entry/there-are-more-poodles-in-the-forest

https://community.qualys.com/thread/15387

http://discussions.citrix.com/topic/358751-return-of-poodle-on-tls-cve-2014-8730/

https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls

Any other insight would be very helpful.


Thanks,

Jennifer Thomas
