Sign-up

ID

VAR-200412-0293


CVE

CVE-2004-2397


TITLE

Blue Coat Systems SGOS Private Key Disclosure Vulnerability

Trust: 0.9

sources: BID: 10371 // CNNVD: CNNVD-200412-808

DESCRIPTION

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. The issue reportedly occurs when the private key is imported through the web-based administrative interface. This will cause the private key and passphrase to logged in plaintext, potentially exposing this issue to other local users. It is also reported that certain administrative actions or configurations could also expose this information to other unauthorized parties, though specific details have not been publicized at this time. Blue Coat Systems' products are purpose-built appliances optimized for the specific application of Web acceleration and security. Attackers may obtain these sensitive information and control the device

Trust: 1.26

sources: NVD: CVE-2004-2397 // BID: 10371 // VULHUB: VHN-10825

AFFECTED PRODUCTS

vendor:broadcommodel:bluecoat security gatewayscope:gteversion:3.0

Trust: 1.0

vendor:broadcommodel:bluecoat security gatewayscope:eqversion:3.2.1

Trust: 1.0

vendor:broadcommodel:bluecoat security gatewayscope:lteversion:3.1.3.13

Trust: 1.0

vendor:bluecoatmodel:security gateway osscope:eqversion:3.1.3.2

Trust: 0.6

vendor:bluecoatmodel:security gateway osscope:eqversion:3.1

Trust: 0.6

vendor:bluecoatmodel:security gateway osscope:eqversion:3.1.3.7

Trust: 0.6

vendor:bluecoatmodel:security gateway osscope:eqversion:3.2.1

Trust: 0.6

vendor:bluecoatmodel:security gateway osscope:eqversion:3.1.3.13

Trust: 0.6

vendor:bluecoatmodel:security gateway osscope:eqversion:3.1.2.2

Trust: 0.6

vendor:bluecoatmodel:security gateway osscope:eqversion:3.1.2

Trust: 0.6

vendor:bluecoatmodel:security gateway osscope:eqversion:3.0

Trust: 0.6

vendor:bluemodel:coat systems security gateway osscope:eqversion:3.2.1

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:eqversion:3.1.3.7

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:eqversion:3.1.3.2

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:eqversion:3.1.3.13

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:eqversion:3.1.2.2

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:eqversion:3.1.2

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:eqversion:3.1

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:eqversion:3.0

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:neversion:3.2.1.1

Trust: 0.3

vendor:bluemodel:coat systems security gateway osscope:neversion:3.1.3.14

Trust: 0.3

sources: BID: 10371 // CNNVD: CNNVD-200412-808 // NVD: CVE-2004-2397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2397
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-808
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10825
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-2397
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10825
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2004-2397
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-10825 // CNNVD: CNNVD-200412-808 // NVD: CVE-2004-2397

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

sources: NVD: CVE-2004-2397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-808

TYPE

Design Error

Trust: 0.9

sources: BID: 10371 // CNNVD: CNNVD-200412-808

EXTERNAL IDS

db:BIDid:10371

Trust: 2.0

db:NVDid:CVE-2004-2397

Trust: 1.7

db:OSVDBid:6218

Trust: 1.7

db:SECUNIAid:11627

Trust: 1.7

db:CNNVDid:CNNVD-200412-808

Trust: 0.7

db:XFid:16182

Trust: 0.6

db:NSFOCUSid:6461

Trust: 0.6

db:VULHUBid:VHN-10825

Trust: 0.1

sources: VULHUB: VHN-10825 // BID: 10371 // CNNVD: CNNVD-200412-808 // NVD: CVE-2004-2397

REFERENCES

url:http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html

Trust: 2.0

url:http://www.securityfocus.com/bid/10371

Trust: 1.7

url:http://www.osvdb.org/6218

Trust: 1.7

url:http://secunia.com/advisories/11627

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16182

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/16182

Trust: 0.6

url:http://www.nsfocus.net/vulndb/6461

Trust: 0.6

sources: VULHUB: VHN-10825 // BID: 10371 // CNNVD: CNNVD-200412-808 // NVD: CVE-2004-2397

CREDITS

Blue Coat Systems

Trust: 0.6

sources: CNNVD: CNNVD-200412-808

SOURCES

db:VULHUBid:VHN-10825
db:BIDid:10371
db:CNNVDid:CNNVD-200412-808
db:NVDid:CVE-2004-2397

LAST UPDATE DATE

2024-08-14T14:59:24.515000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-10825date:2017-07-11T00:00:00
db:BIDid:10371date:2004-05-18T00:00:00
db:CNNVDid:CNNVD-200412-808date:2005-10-20T00:00:00
db:NVDid:CVE-2004-2397date:2024-02-13T16:17:43.783

SOURCES RELEASE DATE

db:VULHUBid:VHN-10825date:2004-12-31T00:00:00
db:BIDid:10371date:2004-05-18T00:00:00
db:CNNVDid:CNNVD-200412-808date:2004-05-18T00:00:00
db:NVDid:CVE-2004-2397date:2004-12-31T05:00:00