Vulnerability Name:

CVE-2007-1685 (CCN-34773)

Assigned:2007-06-08
Published:2007-06-08
Updated:2018-10-16
Summary:Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Fri Jun 08 2007 - 01:59:50 CDT
CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

Source: FULLDISC
Type: UNKNOWN
20070608 Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

Source: MITRE
Type: CNA
CVE-2007-1685

Source: FULLDISC
Type: UNKNOWN
20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

Source: OSVDB
Type: UNKNOWN
37186

Source: CCN
Type: SA25593
Blue Coat K9 Web Protection Management Service Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
25593

Source: CCN
Type: SECTRACK ID: 1018210
Blue Coat Systems K9 Web Protection Buffer Overflow May Let Remote Users Execute Arbitrary Code

Source: CCN
Type: CSIS Security Research and Intelligence Advisory
BlueCoat K9 Web Protection 3.2.36 Overflow

Source: MISC
Type: UNKNOWN
http://www.csis.dk/dk/forside/Bluecoat-k9.pdf

Source: CCN
Type: K9 Web Protection Web site
K9 Web Protection - Download

Source: CERT-VN
Type: US Government Resource
VU#271601

Source: CCN
Type: OSVDB ID: 37186
Blue Coat K9 Web Protection k9filter.exe HTTP Get Request Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20070608 CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

Source: BID
Type: UNKNOWN
24373

Source: CCN
Type: BID-24373
Blue Coat Systems K9 Web Protection Remote Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018210

Source: VUPEN
Type: UNKNOWN
ADV-2007-2104

Source: XF
Type: UNKNOWN
bluecoat-management-interface-bo(34773)

Source: XF
Type: UNKNOWN
bluecoat-management-interface-bo(34773)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:bluecoat:k9_web_protection:3.2.36:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:bluecoat:k9_web_protection:3.2.36:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    bluecoat k9 web protection 3.2.36
    bluecoat k9 web protection 3.2.36