Lucene search

[email protected]CVE-2007-5796

HistoryNov 03, 2007 - 12:46 a.m.

CVE-2007-5796

2007-11-0300:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-5796

cross-site scripting

xss

blue coat proxysg

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.

Affected configurations

NVD

Node

symantecproxysg_firmwareRange<4.2.6.1

symantecproxysg_firmwareRange5.0.0–5.2.2.5

AND

symantecproxysgMatch-

CPENameOperatorVersion
symantec:proxysg_firmwaresymantec proxysg firmwarelt4.2.6.1
symantec:proxysg_firmwaresymantec proxysg firmwarelt5.2.2.5

CPE	Name	Operator	Version
symantec:proxysg_firmware	symantec proxysg firmware	lt	4.2.6.1
symantec:proxysg_firmware	symantec proxysg firmware	lt	5.2.2.5

References

secunia.com/advisories/27452

www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability

www.securitytracker.com/id?1018888

www.vupen.com/english/advisories/2007/3678

exchange.xforce.ibmcloud.com/vulnerabilities/38213

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for CVE-2007-5796

cvelist1 prion1 nvd1