Vulnerability CVE-2007-5796

Vulnerability Name:

CVE-2007-5796 (CCN-38213)

Assigned:

2007-10-29

Published:

2007-10-29

Updated:

2018-10-26

Summary:

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Thu Nov 01 2007 - 12:20:04 CDT
Two XSS on Blue Coat ProxySG Management Console

Source: MITRE
Type: CNA
CVE-2007-5796

Source: CCN
Type: SA27452
Blue Coat ProxySG SGOS Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
27452

Source: CCN
Type: SECTRACK ID: 1018888
Blue Coat ProxySG Management Console Input Validation Hole in Processing CRLs Permits Cross-Site Scripting Attacks

Source: CCN
Type: Blue Coat Systems Security Advisory 29 October 2007
Cross-site Scripting Vulnerability in ProxySG Management Console

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability

Source: CCN
Type: OSVDB ID: 38968
Blue Coat ProxySG SGOS Certificate Revocation Lists URL XSS

Source: CCN
Type: OSVDB ID: 50714
Blue Coat ProxySG Management Console /Secure/Local/console/install_upload_from_file.htm file Parameter XSS

Source: CCN
Type: BID-26286
Blue Coat ProxySG Management Console URI Handler Multiple Cross-Site Scripting Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1018888

Source: VUPEN
Type: Third Party Advisory
ADV-2007-3678

Source: XF
Type: Third Party Advisory, VDB Entry
proxysg-management-console-xss(38213)

Source: XF
Type: UNKNOWN
bluecoat-proxysg-management-console-xss(38213)

Vulnerable Configuration:

Configuration 1:

cpe:/o:symantec:proxysg_firmware:*:*:*:*:*:*:*:* (Version < 4.2.6.1)

OR cpe:/o:symantec:proxysg_firmware:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.2.2.5)

AND

cpe:/h:symantec:proxysg:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:bluecoat:proxysg:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK