| Vulnerability Name: | CVE-2015-4334 (CCN-102552) | ||||||||
| Assigned: | 2015-04-14 | ||||||||
| Published: | 2015-04-14 | ||||||||
| Updated: | 2019-02-12 | ||||||||
| Summary: | The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-4334 Source: SECTRACK Type: Third Party Advisory, VDB Entry 1032149 Source: CCN Type: Blue Coat Security Advisory SA93 NTLM credential disclosure for proxy users Source: CONFIRM Type: Vendor Advisory https://bto.bluecoat.com/security-advisory/sa93 Source: XF Type: UNKNOWN bluecoat-proxysg-ntlm-info-disc(102552) Source: MISC Type: Third Party Advisory https://twitter.com/bugch3ck/status/591492380294979585 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||