Vulnerability Name: | CVE-2015-8597 (CCN-109133)
Assigned: | 2015-12-17
Published: | 2015-12-17
Updated: | 2016-01-13
Summary: | Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVSS v3 Severity: | 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: | Source: MITRE Type: CNA CVE-2015-8597
Source: MISC Type: Exploit http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/
Source: SECTRACK Type: UNKNOWN 1034506
Source: CCN Type: Blue Coat Security Advisory SA107 ProxySG Coaching Page Redirect
Source: CONFIRM Type: Vendor Advisory https://bto.bluecoat.com/security-advisory/sa107
Source: XF Type: UNKNOWN bluecoat-proxysg-open-redirect(109133)
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable