Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.BLUECOAT_PROXY_SG_6_1_1_1.NASL
HistoryJul 22, 2013 - 12:00 a.m.

Blue Coat ProxySG Unspecified XSS

2013-07-2200:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
17

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.4%

JSON

The remote Blue Coat ProxySG device’s SGOS self-reported version is earlier than 4.3.4.1, 5.3.x/5.4.x earlier than 5.4.5.1, 5.5.x earlier than 5.5.4.1 or 6.x earlier than 6.1.1.1. It is, therefore, reportedly affected by an unspecified cross-site scripting vulnerability.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(68994);
  script_version("1.7");
  script_cvs_date("Date: 2018/06/27 18:42:25");

  script_cve_id("CVE-2010-5192");
  script_bugtraq_id(43675);

  script_name(english:"Blue Coat ProxySG Unspecified XSS");
  script_summary(english:"Checks the Blue Coat ProxySG SGOS version");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by a cross-site scripting
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Blue Coat ProxySG device's SGOS self-reported version is
earlier than 4.3.4.1, 5.3.x/5.4.x earlier than 5.4.5.1, 5.5.x earlier
than 5.5.4.1 or 6.x earlier than 6.1.1.1.  It is, therefore, reportedly
affected by an unspecified cross-site scripting vulnerability.");
  # Security advisory SA47
  script_set_attribute(attribute:"see_also", value:"https://kb.bluecoat.com/index?page=content&id=SA47");
  script_set_attribute(attribute:"solution", value:"Upgrade to version 4.3.4.1 / 5.4.5.1 / 6.1.1.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:bluecoat:sgos");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Firewalls");

  script_dependencies("bluecoat_proxy_sg_version.nasl");
  script_require_keys("Host/BlueCoat/ProxySG/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version    = get_kb_item_or_exit("Host/BlueCoat/ProxySG/Version");
ui_version = get_kb_item("Host/BlueCoat/ProxySG/UI_Version");

if (version =~ "^4\.3\.")
{
  fix    = '4.3.4.1';
  ui_fix = '4.3.4.1 Build 0';
}
else if (version =~ "^5\.[0-3]\." || version =~ "^5\.4\.")
{
  fix    = '5.4.5.1';
  ui_fix = '5.4.5.1 Build 0';
}
else if (version =~ "^5\.5\.")
{
  fix    = '5.5.4.1';
  ui_fix = '5.5.4.1 Build 0';
}
else if (version =~ "^6\.")
{
  fix    = '6.1.1.1';
  ui_fix = '6.1.1.1 Build 0';
}
# If very low version (0.x - 4.2.x) just recommend latest update
else
{
  fix    = '6.1.1.1';
  ui_fix = '6.1.1.1 Build 0';
}

if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
  set_kb_item(name:'www/0/XSS', value:TRUE);
  if (report_verbosity > 0)
  {
    # Select format for output
    if (isnull(ui_version))
    {
      report_ver = version;
      report_fix = fix;
    }
    else
    {
      report_ver = ui_version;
      report_fix = ui_fix;
    }

    report =
      '\n  Installed version : ' + report_ver +
      '\n  Fixed version     : ' + report_fix +
      '\n';
    security_warning(port:0, extra:report);
  }
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
bluecoatsgoscpe:/o:bluecoat:sgos

Related

cvelist 1
nvd 1
cve 1
prion 1
cvelist
cvelist
CVE-2010-5192
2012-08-26 19:00:00
nvd
nvd
CVE-2010-5192
2012-08-26 19:55:01
cve
cve
CVE-2010-5192
2012-08-26 19:55:01
prion
prion
Cross site scripting
2012-08-26 19:55:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.4%

JSON
Related for BLUECOAT_PROXY_SG_6_1_1_1.NASL
cvelist1nvd1cve1prion1