Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
32 vulnerabilities by bluecoat
CVE-2016-6594 (GCVE-0-2016-6594)
Vulnerability from cvelistv5 – Published: 2017-06-08 20:00 – Updated: 2024-08-06 01:36
VLAI
Summary
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/91404 | vdb-entryx_refsource_BID |
| https://bto.bluecoat.com/security-advisory/sa130 | x_refsource_CONFIRM |
Date Public
2016-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91404"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-23T09:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "91404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91404"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa130"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-6594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91404"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa130",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa130"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-6594",
"datePublished": "2017-06-08T20:00:00.000Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:36:28.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9091 (GCVE-0-2016-9091)
Vulnerability from cvelistv5 – Published: 2017-04-05 15:00 – Updated: 2024-08-06 02:42
VLAI
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
Severity
No CVSS data available.
CWE
- OS command injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97372 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/41785/ | exploitx_refsource_EXPLOIT-DB |
| https://www.exploit-db.com/exploits/41786/ | exploitx_refsource_EXPLOIT-DB |
| https://bto.bluecoat.com/security-advisory/sa138 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Blue Coat ASG |
Affected:
6.6 prior to 6.6.5.4
|
|
| Symantec Corporation | Blue Coat CAS |
Affected:
1.3 prior to 1.3.7.4
|
Date Public
2017-04-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blue Coat ASG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.4"
}
]
},
{
"product": "Blue Coat CAS",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "1.3 prior to 1.3.7.4"
}
]
}
],
"datePublic": "2017-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-9091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blue Coat ASG",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.4"
}
]
}
},
{
"product_name": "Blue Coat CAS",
"version": {
"version_data": [
{
"version_value": "1.3 prior to 1.3.7.4"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa138",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-9091",
"datePublished": "2017-04-05T15:00:00.000Z",
"dateReserved": "2016-10-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:10.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8597 (GCVE-0-2015-8597)
Vulnerability from cvelistv5 – Published: 2016-01-08 19:00 – Updated: 2024-08-06 08:20
VLAI
Summary
Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bto.bluecoat.com/security-advisory/sa107 | x_refsource_CONFIRM |
| http://knowitsecure.se/2015/12/18/knowit-secure-s… | x_refsource_MISC |
| http://www.securitytracker.com/id/1034506 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"name": "1034506",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"name": "1034506",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa107",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa107"
},
{
"name": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/",
"refsource": "MISC",
"url": "http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"
},
{
"name": "1034506",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8597",
"datePublished": "2016-01-08T19:00:00.000Z",
"dateReserved": "2015-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:20:43.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8482 (GCVE-0-2015-8482)
Vulnerability from cvelistv5 – Published: 2015-12-07 20:00 – Updated: 2024-09-17 02:47
VLAI
Summary
Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bto.bluecoat.com/security-advisory/sa102 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:42.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-07T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa102",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8482",
"datePublished": "2015-12-07T20:00:00.000Z",
"dateReserved": "2015-12-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:47:21.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1454 (GCVE-0-2015-1454)
Vulnerability from cvelistv5 – Published: 2015-02-02 16:00 – Updated: 2024-09-16 17:14
VLAI
Summary
Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bto.bluecoat.com/security-advisory/sa89 | x_refsource_CONFIRM |
| http://secunia.com/advisories/62617 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa89"
},
{
"name": "62617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-02T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa89"
},
{
"name": "62617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa89",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa89"
},
{
"name": "62617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1454",
"datePublished": "2015-02-02T16:00:00.000Z",
"dateReserved": "2015-02-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:47.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2565 (GCVE-0-2014-2565)
Vulnerability from cvelistv5 – Published: 2014-04-30 14:00 – Updated: 2024-08-06 10:21
VLAI
Summary
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA7… | x_refsource_CONFIRM |
Date Public
2014-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:34.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to \"command injection.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-30T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to \"command injection.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2565",
"datePublished": "2014-04-30T14:00:00.000Z",
"dateReserved": "2014-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:21:34.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2033 (GCVE-0-2014-2033)
Vulnerability from cvelistv5 – Published: 2014-03-02 17:00 – Updated: 2024-08-06 09:58
VLAI
Summary
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/221620 | third-party-advisoryx_refsource_CERT-VN |
| https://kb.bluecoat.com/index?page=content&id=SA77 | x_refsource_CONFIRM |
Date Public
2014-02-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#221620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/221620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA77"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-02T16:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#221620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/221620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA77"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#221620",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/221620"
},
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA77",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA77"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2033",
"datePublished": "2014-03-02T17:00:00.000Z",
"dateReserved": "2014-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:58:16.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5959 (GCVE-0-2013-5959)
Vulnerability from cvelistv5 – Published: 2013-09-28 19:00 – Updated: 2024-08-06 17:29
VLAI
Summary
Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/54991 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/97767 | vdb-entryx_refsource_OSVDB |
| https://kb.bluecoat.com/index?page=content&id=SA75 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1029088 | vdb-entryx_refsource_SECTRACK |
Date Public
2013-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:41.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54991"
},
{
"name": "97767",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/97767"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA75"
},
{
"name": "1029088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54991"
},
{
"name": "97767",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/97767"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA75"
},
{
"name": "1029088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54991"
},
{
"name": "97767",
"refsource": "OSVDB",
"url": "http://osvdb.org/97767"
},
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA75",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA75"
},
{
"name": "1029088",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5959",
"datePublished": "2013-09-28T19:00:00.000Z",
"dateReserved": "2013-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:41.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5191 (GCVE-0-2010-5191)
Vulnerability from cvelistv5 – Published: 2012-08-26 19:00 – Updated: 2024-09-16 20:26
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA46 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA46",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5191",
"datePublished": "2012-08-26T19:00:00.000Z",
"dateReserved": "2012-08-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:25.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5127 (GCVE-0-2011-5127)
Vulnerability from cvelistv5 – Published: 2012-08-26 19:00 – Updated: 2024-09-17 01:20
VLAI
Summary
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA60 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA60"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA60",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA60"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5127",
"datePublished": "2012-08-26T19:00:00.000Z",
"dateReserved": "2012-08-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:20:47.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5125 (GCVE-0-2011-5125)
Vulnerability from cvelistv5 – Published: 2012-08-26 19:00 – Updated: 2024-09-16 16:22
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA62 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA62"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA62"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA62",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA62"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5125",
"datePublished": "2012-08-26T19:00:00.000Z",
"dateReserved": "2012-08-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:22:36.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5190 (GCVE-0-2010-5190)
Vulnerability from cvelistv5 – Published: 2012-08-26 19:00 – Updated: 2024-09-16 22:41
VLAI
Summary
The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA48 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA48"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA48",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA48"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5190",
"datePublished": "2012-08-26T19:00:00.000Z",
"dateReserved": "2012-08-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:41:25.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5192 (GCVE-0-2010-5192)
Vulnerability from cvelistv5 – Published: 2012-08-26 19:00 – Updated: 2024-08-07 04:09
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2010/2562 | vdb-entryx_refsource_VUPEN |
| https://kb.bluecoat.com/index?page=content&id=SA47 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/68322 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/43675 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1024503 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/41695 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2562",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA47"
},
{
"name": "bluecoat-proxysg-userinterface-xss(62240)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62240"
},
{
"name": "68322",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/68322"
},
{
"name": "43675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43675"
},
{
"name": "1024503",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024503"
},
{
"name": "41695",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-2562",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA47"
},
{
"name": "bluecoat-proxysg-userinterface-xss(62240)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62240"
},
{
"name": "68322",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/68322"
},
{
"name": "43675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43675"
},
{
"name": "1024503",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024503"
},
{
"name": "41695",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2562",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2562"
},
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA47",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA47"
},
{
"name": "bluecoat-proxysg-userinterface-xss(62240)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62240"
},
{
"name": "68322",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68322"
},
{
"name": "43675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43675"
},
{
"name": "1024503",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024503"
},
{
"name": "41695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5192",
"datePublished": "2012-08-26T19:00:00.000Z",
"dateReserved": "2012-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:09:39.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5126 (GCVE-0-2011-5126)
Vulnerability from cvelistv5 – Published: 2012-08-26 19:00 – Updated: 2024-09-17 00:46
VLAI
Summary
Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA56 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA56",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5126",
"datePublished": "2012-08-26T19:00:00.000Z",
"dateReserved": "2012-08-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:46:29.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5124 (GCVE-0-2011-5124)
Vulnerability from cvelistv5 – Published: 2012-08-26 19:00 – Updated: 2024-09-16 16:13
VLAI
Summary
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA55 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA55",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5124",
"datePublished": "2012-08-26T19:00:00.000Z",
"dateReserved": "2012-08-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:42.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5189 (GCVE-0-2010-5189)
Vulnerability from cvelistv5 – Published: 2012-08-26 19:00 – Updated: 2024-09-17 03:07
VLAI
Summary
Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA45 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA45"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA45",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA45"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5189",
"datePublished": "2012-08-26T19:00:00.000Z",
"dateReserved": "2012-08-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:07:04.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1211 (GCVE-0-2009-1211)
Vulnerability from cvelistv5 – Published: 2009-04-01 10:00 – Updated: 2024-09-17 04:09
VLAI
Summary
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://hypersonic.bluecoat.com/support/securitya… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1021781 | vdb-entryx_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments"
},
{
"name": "1021781",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-01T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments"
},
{
"name": "1021781",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments",
"refsource": "CONFIRM",
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments"
},
{
"name": "1021781",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1211",
"datePublished": "2009-04-01T10:00:00.000Z",
"dateReserved": "2009-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:09:14.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4485 (GCVE-0-2008-4485)
Vulnerability from cvelistv5 – Published: 2008-10-08 01:00 – Updated: 2024-08-07 10:17
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=122298544725313&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/31543 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/32122 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1020979 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2008/2739 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/4367 | third-party-advisoryx_refsource_SREASON |
| http://marc.info/?l=bugtraq&m=122210321731789&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.bluecoat.com/support/securityadvisorie… | x_refsource_CONFIRM |
Date Public
2008-09-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bluecoat-sgos-icap-patience-xss(45625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45625"
},
{
"name": "20081002 Re: Blue Coat xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122298544725313\u0026w=2"
},
{
"name": "31543",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31543"
},
{
"name": "32122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32122"
},
{
"name": "1020979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020979"
},
{
"name": "ADV-2008-2739",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2739"
},
{
"name": "4367",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4367"
},
{
"name": "20080921 Blue Coat xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122210321731789\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bluecoat.com/support/securityadvisories/icap_patience"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bluecoat-sgos-icap-patience-xss(45625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45625"
},
{
"name": "20081002 Re: Blue Coat xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122298544725313\u0026w=2"
},
{
"name": "31543",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31543"
},
{
"name": "32122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32122"
},
{
"name": "1020979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020979"
},
{
"name": "ADV-2008-2739",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2739"
},
{
"name": "4367",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4367"
},
{
"name": "20080921 Blue Coat xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122210321731789\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bluecoat.com/support/securityadvisories/icap_patience"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bluecoat-sgos-icap-patience-xss(45625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45625"
},
{
"name": "20081002 Re: Blue Coat xss",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=122298544725313\u0026w=2"
},
{
"name": "31543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31543"
},
{
"name": "32122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32122"
},
{
"name": "1020979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020979"
},
{
"name": "ADV-2008-2739",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2739"
},
{
"name": "4367",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4367"
},
{
"name": "20080921 Blue Coat xss",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=122210321731789\u0026w=2"
},
{
"name": "http://www.bluecoat.com/support/securityadvisories/icap_patience",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/securityadvisories/icap_patience"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4485",
"datePublished": "2008-10-08T01:00:00.000Z",
"dateReserved": "2008-10-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:17:09.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1685 (GCVE-0-2007-1685)
Vulnerability from cvelistv5 – Published: 2007-06-08 20:00 – Updated: 2024-08-07 13:06
VLAI
Summary
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1018210 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/470836/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2007/2104 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/37186 | vdb-entryx_refsource_OSVDB |
| http://www.csis.dk/dk/forside/Bluecoat-k9.pdf | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/271601 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/24373 | vdb-entryx_refsource_BID |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://secunia.com/advisories/25593 | third-party-advisoryx_refsource_SECUNIA |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2007-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018210",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018210"
},
{
"name": "20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470836/100/0/threaded"
},
{
"name": "ADV-2007-2104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2104"
},
{
"name": "bluecoat-management-interface-bo(34773)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34773"
},
{
"name": "37186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37186"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csis.dk/dk/forside/Bluecoat-k9.pdf"
},
{
"name": "VU#271601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/271601"
},
{
"name": "24373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24373"
},
{
"name": "20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063848.html"
},
{
"name": "25593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25593"
},
{
"name": "20070608 Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0190.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1018210",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018210"
},
{
"name": "20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470836/100/0/threaded"
},
{
"name": "ADV-2007-2104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2104"
},
{
"name": "bluecoat-management-interface-bo(34773)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34773"
},
{
"name": "37186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37186"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csis.dk/dk/forside/Bluecoat-k9.pdf"
},
{
"name": "VU#271601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/271601"
},
{
"name": "24373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24373"
},
{
"name": "20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063848.html"
},
{
"name": "25593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25593"
},
{
"name": "20070608 Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0190.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-1685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018210",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018210"
},
{
"name": "20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470836/100/0/threaded"
},
{
"name": "ADV-2007-2104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2104"
},
{
"name": "bluecoat-management-interface-bo(34773)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34773"
},
{
"name": "37186",
"refsource": "OSVDB",
"url": "http://osvdb.org/37186"
},
{
"name": "http://www.csis.dk/dk/forside/Bluecoat-k9.pdf",
"refsource": "MISC",
"url": "http://www.csis.dk/dk/forside/Bluecoat-k9.pdf"
},
{
"name": "VU#271601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/271601"
},
{
"name": "24373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24373"
},
{
"name": "20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063848.html"
},
{
"name": "25593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25593"
},
{
"name": "20070608 Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0190.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-1685",
"datePublished": "2007-06-08T20:00:00.000Z",
"dateReserved": "2007-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:06:25.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0796 (GCVE-0-2007-0796)
Vulnerability from cvelistv5 – Published: 2007-02-06 19:00 – Updated: 2024-08-07 12:34
VLAI
Summary
Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/33097 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/22393 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1017586 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2007/0482 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/24049 | third-party-advisoryx_refsource_SECUNIA |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
Date Public
2007-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33097"
},
{
"name": "winproxy-connect-bo(32204)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32204"
},
{
"name": "22393",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22393"
},
{
"name": "1017586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017586"
},
{
"name": "ADV-2007-0482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0482"
},
{
"name": "24049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24049"
},
{
"name": "20070202 Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33097"
},
{
"name": "winproxy-connect-bo(32204)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32204"
},
{
"name": "22393",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22393"
},
{
"name": "1017586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017586"
},
{
"name": "ADV-2007-0482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0482"
},
{
"name": "24049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24049"
},
{
"name": "20070202 Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33097",
"refsource": "OSVDB",
"url": "http://osvdb.org/33097"
},
{
"name": "winproxy-connect-bo(32204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32204"
},
{
"name": "22393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22393"
},
{
"name": "1017586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017586"
},
{
"name": "ADV-2007-0482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0482"
},
{
"name": "24049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24049"
},
{
"name": "20070202 Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0796",
"datePublished": "2007-02-06T19:00:00.000Z",
"dateReserved": "2007-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:34:21.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0578 (GCVE-0-2006-0578)
Vulnerability from cvelistv5 – Published: 2006-02-08 01:00 – Updated: 2024-08-07 16:41
VLAI
Summary
Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/22853 | vdb-entryx_refsource_OSVDB |
| http://www.bluecoat.com/support/knowledge/advisor… | x_refsource_CONFIRM |
| http://secunia.com/advisories/18622 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1015644 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/0401 | vdb-entryx_refsource_VUPEN |
| http://www.secumind.net/content/french/modules/ne… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-02-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html"
},
{
"name": "18622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18622"
},
{
"name": "1015644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015644"
},
{
"name": "ADV-2006-0401",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0401"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=8"
},
{
"name": "proxysg-connect-bypass-security(24446)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html"
},
{
"name": "18622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18622"
},
{
"name": "1015644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015644"
},
{
"name": "ADV-2006-0401",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0401"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=8"
},
{
"name": "proxysg-connect-bypass-security(24446)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24446"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22853",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22853"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html"
},
{
"name": "18622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18622"
},
{
"name": "1015644",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015644"
},
{
"name": "ADV-2006-0401",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0401"
},
{
"name": "http://www.secumind.net/content/french/modules/news/article.php?storyid=8",
"refsource": "MISC",
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=8"
},
{
"name": "proxysg-connect-bypass-security(24446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24446"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0578",
"datePublished": "2006-02-08T01:00:00.000Z",
"dateReserved": "2006-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:28.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4085 (GCVE-0-2005-4085)
Vulnerability from cvelistv5 – Published: 2006-01-06 11:00 – Updated: 2024-08-07 23:31
VLAI
Summary
Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18909 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1015441 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/0622 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/0065 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18288 | third-party-advisoryx_refsource_SECUNIA |
| http://www.idefense.com/intelligence/vulnerabilit… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.bluecoat.com/support/knowledge/advisor… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16147 | vdb-entryx_refsource_BID |
Date Public
2006-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18909"
},
{
"name": "1015441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015441"
},
{
"name": "ADV-2006-0622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0622"
},
{
"name": "ADV-2006-0065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18288"
},
{
"name": "20060105 Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html"
},
{
"name": "16147",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18909"
},
{
"name": "1015441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015441"
},
{
"name": "ADV-2006-0622",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0622"
},
{
"name": "ADV-2006-0065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18288"
},
{
"name": "20060105 Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html"
},
{
"name": "16147",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18909"
},
{
"name": "1015441",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015441"
},
{
"name": "ADV-2006-0622",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0622"
},
{
"name": "ADV-2006-0065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18288"
},
{
"name": "20060105 Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html"
},
{
"name": "16147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4085",
"datePublished": "2006-01-06T11:00:00.000Z",
"dateReserved": "2005-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3654 (GCVE-0-2005-3654)
Vulnerability from cvelistv5 – Published: 2006-01-06 00:00 – Updated: 2024-08-07 23:17
VLAI
Summary
Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1015442 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/322 | third-party-advisoryx_refsource_SREASON |
| http://www.winproxy.com/products/relnotes.asp | x_refsource_CONFIRM |
| http://www.idefense.com/intelligence/vulnerabilit… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.vupen.com/english/advisories/2006/0065 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18288 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/16149 | vdb-entryx_refsource_BID |
Date Public
2006-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015442"
},
{
"name": "322",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/322"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.winproxy.com/products/relnotes.asp"
},
{
"name": "20060105 Blue Coat WinProxy Telnet DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365"
},
{
"name": "ADV-2006-0065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16149",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015442",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015442"
},
{
"name": "322",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/322"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.winproxy.com/products/relnotes.asp"
},
{
"name": "20060105 Blue Coat WinProxy Telnet DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365"
},
{
"name": "ADV-2006-0065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16149",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015442",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015442"
},
{
"name": "322",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/322"
},
{
"name": "http://www.winproxy.com/products/relnotes.asp",
"refsource": "CONFIRM",
"url": "http://www.winproxy.com/products/relnotes.asp"
},
{
"name": "20060105 Blue Coat WinProxy Telnet DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365"
},
{
"name": "ADV-2006-0065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3654",
"datePublished": "2006-01-06T00:00:00.000Z",
"dateReserved": "2005-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:17:23.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3187 (GCVE-0-2005-3187)
Vulnerability from cvelistv5 – Published: 2006-01-05 23:00 – Updated: 2024-08-07 23:01
VLAI
Summary
The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.idefense.com/intelligence/vulnerabilit… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.vupen.com/english/advisories/2006/0065 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18288 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/16148 | vdb-entryx_refsource_BID |
Date Public
2006-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060105 Blue Coat WinProxy Remote DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363"
},
{
"name": "ADV-2006-0065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060105 Blue Coat WinProxy Remote DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363"
},
{
"name": "ADV-2006-0065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060105 Blue Coat WinProxy Remote DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363"
},
{
"name": "ADV-2006-0065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3187",
"datePublished": "2006-01-05T23:00:00.000Z",
"dateReserved": "2005-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:58.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2397 (GCVE-0-2004-2397)
Vulnerability from cvelistv5 – Published: 2005-08-17 04:00 – Updated: 2024-08-08 01:22
VLAI
Summary
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.bluecoat.com/support/knowledge/advisor… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/10371 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/11627 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/6218 | vdb-entryx_refsource_OSVDB |
Date Public
2004-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html"
},
{
"name": "10371",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10371"
},
{
"name": "11627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11627"
},
{
"name": "bluecoat-sgos-key-plaintext(16182)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16182"
},
{
"name": "6218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html"
},
{
"name": "10371",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10371"
},
{
"name": "11627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11627"
},
{
"name": "bluecoat-sgos-key-plaintext(16182)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16182"
},
{
"name": "6218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6218"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html"
},
{
"name": "10371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10371"
},
{
"name": "11627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11627"
},
{
"name": "bluecoat-sgos-key-plaintext(16182)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16182"
},
{
"name": "6218",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6218"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2397",
"datePublished": "2005-08-17T04:00:00.000Z",
"dateReserved": "2005-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:22:13.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1710 (GCVE-0-2005-1710)
Vulnerability from cvelistv5 – Published: 2005-05-24 04:00 – Updated: 2024-08-07 21:59
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/16765 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/15452 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111695726810435&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.bluecoat.com/support/knowledge/advisor… | x_refsource_CONFIRM |
| http://www.osvdb.org/16766 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2005/0589 | vdb-entryx_refsource_VUPEN |
Date Public
2005-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16765",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16765"
},
{
"name": "15452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15452"
},
{
"name": "20050524 Blue Coat Reporter multiple remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111695726810435\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16766"
},
{
"name": "ADV-2005-0589",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16765",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16765"
},
{
"name": "15452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15452"
},
{
"name": "20050524 Blue Coat Reporter multiple remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111695726810435\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16766"
},
{
"name": "ADV-2005-0589",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16765",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16765"
},
{
"name": "15452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15452"
},
{
"name": "20050524 Blue Coat Reporter multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111695726810435\u0026w=2"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16766",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16766"
},
{
"name": "ADV-2005-0589",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1710",
"datePublished": "2005-05-24T04:00:00.000Z",
"dateReserved": "2005-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:59:24.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1709 (GCVE-0-2005-1709)
Vulnerability from cvelistv5 – Published: 2005-05-24 04:00 – Updated: 2024-08-07 21:59
VLAI
Summary
Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/15452 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/13725 | vdb-entryx_refsource_BID |
| http://www.bluecoat.com/support/knowledge/advisor… | x_refsource_CONFIRM |
| http://www.osvdb.org/16764 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2005/0589 | vdb-entryx_refsource_VUPEN |
Date Public
2005-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15452"
},
{
"name": "13725",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16764",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16764"
},
{
"name": "ADV-2005-0589",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15452"
},
{
"name": "13725",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16764",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16764"
},
{
"name": "ADV-2005-0589",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15452"
},
{
"name": "13725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13725"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16764",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16764"
},
{
"name": "ADV-2005-0589",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1709",
"datePublished": "2005-05-24T04:00:00.000Z",
"dateReserved": "2005-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:59:24.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1708 (GCVE-0-2005-1708)
Vulnerability from cvelistv5 – Published: 2005-05-24 04:00 – Updated: 2024-08-07 21:59
VLAI
Summary
templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/15452 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111695726810435&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.bluecoat.com/support/knowledge/advisor… | x_refsource_CONFIRM |
| http://www.osvdb.org/16763 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/13723 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/0589 | vdb-entryx_refsource_VUPEN |
Date Public
2005-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15452"
},
{
"name": "20050524 Blue Coat Reporter multiple remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111695726810435\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16763",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16763"
},
{
"name": "13723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13723"
},
{
"name": "ADV-2005-0589",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15452"
},
{
"name": "20050524 Blue Coat Reporter multiple remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111695726810435\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16763",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16763"
},
{
"name": "13723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13723"
},
{
"name": "ADV-2005-0589",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15452"
},
{
"name": "20050524 Blue Coat Reporter multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111695726810435\u0026w=2"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16763",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16763"
},
{
"name": "13723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13723"
},
{
"name": "ADV-2005-0589",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1708",
"datePublished": "2005-05-24T04:00:00.000Z",
"dateReserved": "2005-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:59:24.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0081 (GCVE-0-2004-0081)
Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:01
VLAI
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
Date Public
2004-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0081",
"datePublished": "2004-03-18T05:00:00.000Z",
"dateReserved": "2004-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:01:23.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0079 (GCVE-0-2004-0079)
Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2025-01-16 17:33
VLAI
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-476 - NULL Pointer Dereference
Assigner
References
45 references
Date Public
2004-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "FEDORA-2005-1042",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "SSRT4717",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "oval:org.mitre.oval:def:2621",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "17381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "oval:org.mitre.oval:def:9779",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
},
{
"name": "oval:org.mitre.oval:def:975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "FreeBSD-SA-04:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
},
{
"name": "NetBSD-SA2004-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "17401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17401"
},
{
"name": "RHSA-2005:829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
},
{
"name": "oval:org.mitre.oval:def:870",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
},
{
"name": "RHSA-2005:830",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
},
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "17398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17398"
},
{
"name": "SSA:2004-077",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "openssl-dochangecipherspec-dos(15505)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "VU#288574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "18247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18247"
},
{
"name": "oval:org.mitre.oval:def:5770",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2004-0079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T16:21:54.985893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T17:33:22.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "FEDORA-2005-1042",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "SSRT4717",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "oval:org.mitre.oval:def:2621",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "17381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "oval:org.mitre.oval:def:9779",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
},
{
"name": "oval:org.mitre.oval:def:975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "FreeBSD-SA-04:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
},
{
"name": "NetBSD-SA2004-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "17401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17401"
},
{
"name": "RHSA-2005:829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
},
{
"name": "oval:org.mitre.oval:def:870",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
},
{
"name": "RHSA-2005:830",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
},
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "17398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17398"
},
{
"name": "SSA:2004-077",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "openssl-dochangecipherspec-dos(15505)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "VU#288574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "18247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18247"
},
{
"name": "oval:org.mitre.oval:def:5770",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "FEDORA-2005-1042",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
},
{
"name": "ESA-20040317-003",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "SSRT4717",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "oval:org.mitre.oval:def:2621",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
},
{
"name": "CLA-2004:834",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "17381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17381"
},
{
"name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "oval:org.mitre.oval:def:9779",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
},
{
"name": "oval:org.mitre.oval:def:975",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
},
{
"name": "57524",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"name": "http://www.openssl.org/news/secadv_20040317.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "FreeBSD-SA-04:05",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
},
{
"name": "NetBSD-SA2004-005",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "17401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17401"
},
{
"name": "RHSA-2005:829",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
},
{
"name": "oval:org.mitre.oval:def:870",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
},
{
"name": "RHSA-2005:830",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
},
{
"name": "GLSA-200403-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US",
"refsource": "CONFIRM",
"url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
},
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "17398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17398"
},
{
"name": "SSA:2004-077",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "RHSA-2004:139",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "openssl-dochangecipherspec-dos(15505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"name": "2004-0012",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=61798",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "VU#288574",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"name": "DSA-465",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "18247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18247"
},
{
"name": "oval:org.mitre.oval:def:5770",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0079",
"datePublished": "2004-03-18T05:00:00.000Z",
"dateReserved": "2004-01-19T00:00:00.000Z",
"dateUpdated": "2025-01-16T17:33:22.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}