CVE-2007-0796

Name of the Vulnerable Software and Affected Versions Blue Coat Systems WinProxy versions 6.0 r1c through 6.1a

Description The issue allows remote attackers to cause a denial of service, potentially leading to daemon crash, or possibly execute arbitrary code. This is achieved by sending a long HTTP CONNECT request, which triggers heap corruption.

Recommendations For Blue Coat Systems WinProxy versions 6.0 r1c through 6.1a, consider restricting access to the HTTP CONNECT request until a fix is available. As a temporary workaround, limiting the length of HTTP CONNECT requests may help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.