Citrix NetScaler - Memory Leak (CVE-2023-4966)

Citrix NetScaler server is vulnerable to CVE-2023-4966, an Information Disclosure vulnerability that can be leveraged to achieve unauthorized authentication on the device, affecting the <code>/oauth/idp/.well-known/openid-configuration</code> endpoint. The root cause of this vulnerability is an improper sanitization of user-provided input inside the Host header. This vulnerability allows an unauthenticated remote attacker to dump a session token in order to authenticate on the webserver.

Citrix NetScaler 服务器存在 CVE-2023-4966 漏洞，该漏洞为一项信息泄露漏洞，可被恶意利用以实现对设备的未授权认证，影响 <code>/oauth/idp/.well-known/openid-configuration</code> 终端。此漏洞的根本原因在于对用户提供的输入在 Host 标头中的不当清理。该漏洞允许未经认证的远程攻击者泄露会话令牌，进而实现对网络服务器的认证。