PT-2015-6521 · Blue Coat · Blue Coat ProxySG

Published 2015-12-07 · Updated 2019-02-12 · CVE-2015-4334

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Blue Coat ProxySG versions prior to 6.2.16.5
Blue Coat ProxySG versions prior to 6.5.7.1
Blue Coat ProxySG versions prior to 6.6.2.1

Description

The default configuration of SGOS in Blue Coat ProxySG forwards authentication challenges from upstream origin content servers when used in an explicit proxy deployment. This makes it easier for remote attackers to obtain sensitive information via a 407 HTTP status code. This issue is demonstrated when using NTLM authentication.

Recommendations

For versions prior to 6.2.16.5, update to version 6.2.16.5 or later.
For versions prior to 6.5.7.1, update to version 6.5.7.1 or later.
For versions prior to 6.6.2.1, update to version 6.6.2.1 or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-4334

Affected Products

Blue Coat ProxySG