Vulnerabilites related to bluecoat - advanced_secure_gateway
cve-2016-6594
Vulnerability from cvelistv5
Published
2017-06-08 20:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/91404 | vdb-entry, x_refsource_BID | |
| https://bto.bluecoat.com/security-advisory/sa130 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91404"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-23T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "91404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91404"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa130"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-6594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91404"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa130",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa130"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-6594",
"datePublished": "2017-06-08T20:00:00",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-08-06T01:36:28.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9091
Vulnerability from cvelistv5
Published
2017-04-05 15:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97372 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/41785/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.exploit-db.com/exploits/41786/ | exploit, x_refsource_EXPLOIT-DB | |
| https://bto.bluecoat.com/security-advisory/sa138 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Symantec Corporation | Blue Coat ASG |
Version: 6.6 prior to 6.6.5.4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blue Coat ASG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.4"
}
]
},
{
"product": "Blue Coat CAS",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "1.3 prior to 1.3.7.4"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-9091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blue Coat ASG",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.4"
}
]
}
},
{
"product_name": "Blue Coat CAS",
"version": {
"version_data": [
{
"version_value": "1.3 prior to 1.3.7.4"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa138",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-9091",
"datePublished": "2017-04-05T15:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8597
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%."
References
| ▼ | URL | Tags |
|---|---|---|
| https://bto.bluecoat.com/security-advisory/sa107 | x_refsource_CONFIRM | |
| http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/ | x_refsource_MISC | |
| http://www.securitytracker.com/id/1034506 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"name": "1034506",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"name": "1034506",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa107",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"name": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/",
"refsource": "MISC",
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"name": "1034506",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8597",
"datePublished": "2016-01-08T19:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-06-08 20:29
Modified
2024-11-21 02:56
Severity ?
Summary
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CF6DF9-AF0F-455D-8268-F6A6D6241D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluecoat:cacheflow:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "394EE24C-FD34-4346-862F-90306C352185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluecoat:proxysg:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7C7AB7-603E-4499-8C9B-C280C354C7BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluecoat:proxysg:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6675B614-BFD6-4B5E-85AA-95D402E8B3E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning."
},
{
"lang": "es",
"value": "Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG versiones 6.5 y 6.6 permite a los atacantes remotos evitar las solicitudes bloqueadas, la autenticaci\u00f3n del usuario y el escaneo de la carga \u00fatil."
}
],
"id": "CVE-2016-6594",
"lastModified": "2024-11-21T02:56:24.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-08T20:29:00.280",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/91404"
},
{
"source": "secure@symantec.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa130"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-05 15:59
Modified
2024-11-21 03:00
Severity ?
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluecoat | advanced_secure_gateway | * | |
| bluecoat | content_analysis_system_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0D9329-D60D-40F9-AE40-B5EDE0B52AB5",
"versionEndIncluding": "6.6.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA49F6-C7C2-4450-9067-E06368A33C85",
"versionEndIncluding": "1.3.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
},
{
"lang": "es",
"value": "Blue Coat Advanced Security Gateway (ASG) 6.6 en versiones anteriores a 6.6.5.4 y el Sistema de An\u00e1lisis de Contenido (CAS) 1.3 en versiones anteriores a 1.3.7.4 son susceptibles a una vulnerabilidad de inyecci\u00f3n de comandos de OS. Un administrador malicioso autenticado puede ejecutar comandos de OS arbitrarios con privilegios de sistema elevados."
}
],
"id": "CVE-2016-9091",
"lastModified": "2024-11-21T03:00:35.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-05T15:59:00.170",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"source": "secure@symantec.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
},
{
"source": "secure@symantec.com",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"source": "secure@symantec.com",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/41786/"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:38
Severity ?
Summary
Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluecoat | proxysg | * | |
| bluecoat | advanced_secure_gateway | 6.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA407CC-8435-477A-9290-116E70E7EB62",
"versionEndIncluding": "6.5.8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CF6DF9-AF0F-455D-8268-F6A6D6241D03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en Blue Coat ProxySG 6.5 en versiones anteriores a 6.5.8.8 y 6.6 y Advanced Secure Gateway (ASG) 6.6 podr\u00eda permitir a atacantes remotos redirigir a usuarios a p\u00e1ginas web arbitrarias y dirigir ataques de phishing a trav\u00e9s de una URL codificada en base64 en conjunci\u00f3n con un \"clear text\" en p\u00e1gina de entrenamiento, seg\u00fan lo demostrado por \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%\"."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2015-8597",
"lastModified": "2024-11-21T02:38:47.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T19:59:15.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034506"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa107"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}