Update Shellshock & Poodle

Hi everybody,

just a short note to get the latest news for the Shellshock & Poodle vulnerability. I’m sure most of you had already done the steps Citrix recommends. But for the others here are the steps you need to do.


For NetScaler, Shellshock is only a problem on your private interfaces like SNIP, NSIP. Your VIP is safe. To get your private interfaces secure as well, just upgrade to 10.5-52.11 or 10.1-129.11 or 9.3-67.5 it depends where you come from. But I’m sure all of you are using 10.x instead of 9.3 meanwhile as the latter one is End-of-Maintenance by the end of next week.

AppFirewall got a new signature since the end of September called web-shell-shock to protect services behind NetScaler.


And again Citrix NetScaler gives you the chance to raise the security for every other web service you’re publishing. Just disable SSLv3 on your NetScaler SSL vServer objects and all your published web services are save. For your other NetScaler objects like NSIP / SNIP you need to go to the CLI but even those steps are explained in detail in CTX200238.