ID

VAR-200711-0397

CVE

CVE-2007-5796

TITLE

Blue Coat ProxySG Management console cross-site scripting vulnerability

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to ProxySG 4.2.6.1 and 5.2.2.5 are vulnerable. NOTE: This BID originally covered one issue, but was updated to also cover a second issue. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Blue Coat ProxySG SGOS Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA27452 VERIFY ADVISORY: http://secunia.com/advisories/27452/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Blue Coat Security Gateway OS (SGOS) 4.x http://secunia.com/product/5419/ Blue Coat Security Gateway OS (SGOS) 5.x http://secunia.com/product/12422/ DESCRIPTION: A vulnerability has been reported in the Blue Coat ProxySG SGOS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to unspecified parameters when loading "Certificate Revocation Lists" via the management console is not properly sanitised before being returned to the user. SOLUTION: Update to version 4.2.6.1 or 5.2.2.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Adrian Pastor of ProCheckUp. ORIGINAL ADVISORY: http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

xss

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

The vendor credits Adrian Pastor with the discovery of this issue.

SOURCES

LAST UPDATE DATE

2024-11-23T23:13:16.820000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE