Lucene search

K

Bluecoat Security Vulnerabilities

cve
cve

CVE-2006-0578

Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection...

6.8AI Score

0.018EPSS

2006-02-08 01:02 AM
23
cve
cve

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an...

7.2AI Score

0.002EPSS

2004-11-23 05:00 AM
51
cve
cve

CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null...

7.5CVSS

7.1AI Score

0.006EPSS

2004-11-23 05:00 AM
63
cve
cve

CVE-2009-1211

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet...

7AI Score

0.001EPSS

2022-10-03 04:24 PM
21
cve
cve

CVE-2010-5189

Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS...

7.5AI Score

0.003EPSS

2022-10-03 04:21 PM
20
cve
cve

CVE-2010-5190

The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML...

6.8AI Score

0.002EPSS

2022-10-03 04:21 PM
19
cve
cve

CVE-2010-5191

Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the...

7.5AI Score

0.001EPSS

2022-10-03 04:21 PM
23
cve
cve

CVE-2015-8482

Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified...

6.5AI Score

0.0004EPSS

2022-10-03 04:16 PM
20
cve
cve

CVE-2015-1454

Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software...

7AI Score

0.001EPSS

2022-10-03 04:15 PM
20
cve
cve

CVE-2011-5125

Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE...

5.8AI Score

0.001EPSS

2022-10-03 04:15 PM
24
cve
cve

CVE-2011-5124

Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port...

8.3AI Score

0.49EPSS

2022-10-03 04:15 PM
26
cve
cve

CVE-2011-5126

Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core...

6.2AI Score

0.002EPSS

2022-10-03 04:15 PM
23
cve
cve

CVE-2011-5127

Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP...

7.5AI Score

0.023EPSS

2022-10-03 04:15 PM
22
cve
cve

CVE-2016-6594

Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload...

7.5CVSS

7.6AI Score

0.002EPSS

2017-06-08 08:29 PM
19
cve
cve

CVE-2016-10259

Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP...

5.9CVSS

5.7AI Score

0.003EPSS

2017-04-11 02:59 PM
21
cve
cve

CVE-2016-9091

Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system...

7.2CVSS

7.2AI Score

0.015EPSS

2017-04-05 03:59 PM
39
cve
cve

CVE-2015-8597

Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page,...

7.4CVSS

7.3AI Score

0.003EPSS

2016-01-08 07:59 PM
22
cve
cve

CVE-2014-2565

The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command...

7.8AI Score

0.0004EPSS

2014-04-30 02:22 PM
18
cve
cve

CVE-2014-2033

The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification...

6.5AI Score

0.003EPSS

2014-03-02 05:55 PM
22
cve
cve

CVE-2013-5959

Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch...

6.7AI Score

0.011EPSS

2013-09-28 07:55 PM
18
cve
cve

CVE-2010-5192

Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.9AI Score

0.003EPSS

2012-08-26 07:55 PM
23
cve
cve

CVE-2008-5121

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the...

6.5AI Score

0.0004EPSS

2008-11-18 12:30 AM
31
cve
cve

CVE-2008-4485

Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the...

5.8AI Score

0.003EPSS

2008-10-08 02:00 AM
26
cve
cve

CVE-2007-1685

Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port...

7.9AI Score

0.238EPSS

2007-06-08 08:30 PM
23
cve
cve

CVE-2007-0796

Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap...

8AI Score

0.161EPSS

2007-02-06 07:28 PM
18
cve
cve

CVE-2005-4085

Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host:...

7.7AI Score

0.578EPSS

2006-01-06 11:00 AM
22
cve
cve

CVE-2005-3654

Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the...

7.8AI Score

0.345EPSS

2006-01-06 12:00 AM
29
cve
cve

CVE-2005-3187

The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds...

6.4AI Score

0.068EPSS

2006-01-05 11:00 PM
26
cve
cve

CVE-2005-1708

templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to...

7AI Score

0.001EPSS

2005-05-24 04:00 AM
22
cve
cve

CVE-2005-1710

Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing...

6AI Score

0.004EPSS

2005-05-24 04:00 AM
20
cve
cve

CVE-2005-1709

Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a...

7.1AI Score

0.038EPSS

2005-05-24 04:00 AM
18
cve
cve

CVE-2004-0081

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test...

7.2AI Score

0.003EPSS

2004-11-23 05:00 AM
48
cve
cve

CVE-2002-1060

Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML,....

6.1AI Score

0.006EPSS

2003-04-02 05:00 AM
47