31 matches found
Symantec ProxySG 6.5 < 6.5.10.15 / 6.6 < 6.7.4.2 XSS and Information Disclosure Vulnerabilities (SA1472)
The self-reported SGOS version installed on the remote Symantec ProxySG device is 6.5.x prior to 6.5.10.15 or 6.6.x prior to 6.7.4.2. It is, therefore, affected by the following vulnerabilities: - A cross-site scripting (XSS) vulnerability in ProxySG FTP proxy WebFTP mode. An authenticated, remote...
Blue Coat Systems ProxySG SGOS Information Disclosure Vulnerability
No description provided by source...
Blue Coat Systems ProxySG SGOS Information Disclosure Vulnerability
Blue Coat Systems ProxySG is a suite of secure Web gateway appliances from Blue Coat Systems, USA. The appliance provides user authentication, Web filtering, and data loss protection to control all Web traffic. A security vulnerability exists in the default configuration of SGOS in Blue Coat...
CVE-2015-4334
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...
Default configuration
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...
CVE-2015-4334
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...
CVE-2015-4334
CVE-2015-4334 affects Blue Coat ProxySG SGOS when deployed as an explicit proxy. The default configuration forwards authentication challenges from upstream origin content servers, enabling a remote attacker to obtain sensitive information via HTTP 407 responses. Affected SGOS versions are before ...
Blue Coat ProxySG 6.5.x / 6.2.x / 5.5 OpenSSL Vulnerability (FREAK)
The remote Blue Coat ProxySG device's self-reported SGOS version is 6.5 prior to 6.5.6.2, or version 6.2 prior to 6.2.16.3, or else any version of 5.5. Therefore, it contains a bundled version of OpenSSL affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on...
Blue Coat ProxySG 6.4.x OpenSSL Security Bypass
The remote Blue Coat ProxySG device's SGOS self-reported version is 6.4 prior to 6.4.6.4. It, therefore, contains a bundled version of OpenSSL that has multiple flaws, including an unspecified error that could allow an attacker to cause usage of weak keying material leading to simplified...
CVE-2014-2033
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...
Design/Logic Flaw
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...
CVE-2014-2033
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...
CVE-2014-2033
The CVE-2014-2033 issue affects Blue Coat ProxySG SGOS caching. The vulnerability allows remote authenticated users to bypass access controls in a time window after account deletion or modification by abusing knowledge of previously valid credentials. Affected software includes ProxySG SGOS versi...
Blue Coat ProxySG Recursive HTTP Pipeline Pre-Fetch Remote DoS
According to its self-reported version number, the Security Gateway OS (SGOS) version installed on the remote Blue Coat ProxySG device is potentially affected by a denial of service vulnerability caused by a large amount of HTTP RW pipeline pre-fetch requests. Note that only devices with forward or...
Blue Coat ProxySG Unspecified XSS
The remote Blue Coat ProxySG device's SGOS self-reported version is earlier than 4.3.4.1, 5.3.x/5.4.x earlier than 5.4.5.1, 5.5.x earlier than 5.5.4.1 or 6.x earlier than 6.1.1.1. It is, therefore, reportedly affected by an unspecified cross-site scripting vulnerability.
Blue Coat ProxySG Core File Information Disclosure
The remote Blue Coat ProxySG device's SGOS self-reported version is 6.1.x earlier than 6.1.5.1 or 6.2.x earlier than 6.2.2.1. It is, therefore, potentially affected by an information disclosure vulnerability. Exported core files are unencrypted, contain sensitive information and could be used to...
Symantec (Blue Coat) ProxySG SGOS Version
The remote host is running SGOS, an operating system for Symantec (Blue Coat) ProxySG devices. It is possible to read the ProxySG SGOS version number by connecting to the device via SSH.
CVE-2011-5126
Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file...
Heap overflow
Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file...
Design/Logic Flaw
The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities...