Sign-up

ID

VAR-201601-0151


CVE

CVE-2015-8597


TITLE

Blue Coat ProxySG and Advanced Secure Gateway Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006760

DESCRIPTION

Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.". Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. http://cwe.mitre.org/data/definitions/601.htmlA third party " Clear text " Related to base64 Encoded with URL Any user through Web You may be redirected to a site and run a phishing attack. Both BlueCoatSystemsProxySG and AdvancedSecureGateway are secure Web gateway devices from BlueCoatSystems, USA. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible

Trust: 2.52

sources: NVD: CVE-2015-8597 // JVNDB: JVNDB-2015-006760 // CNVD: CNVD-2016-00217 // BID: 85707 // VULHUB: VHN-86558

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00217

AFFECTED PRODUCTS

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 1.6

vendor:bluecoatmodel:proxysgscope:lteversion:6.5.8.7

Trust: 1.0

vendor:blue coatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 0.8

vendor:blue coatmodel:proxysgscope:ltversion:6.5

Trust: 0.8

vendor:blue coatmodel:proxysgscope:eqversion:6.5.8.8

Trust: 0.8

vendor:blue coatmodel:proxysgscope:eqversion:6.6

Trust: 0.8

vendor:bluemodel:coat systems proxysgscope:eqversion:6.5(<6.5.8.8)

Trust: 0.6

vendor:bluemodel:coat systems proxysgscope:eqversion:6.6

Trust: 0.6

vendor:bluemodel:coat systems advanced secure gatewayscope:eqversion:6.6

Trust: 0.6

vendor:bluecoatmodel:proxysgscope:eqversion:6.5.8.7

Trust: 0.6

sources: CNVD: CNVD-2016-00217 // JVNDB: JVNDB-2015-006760 // CNNVD: CNNVD-201601-135 // NVD: CVE-2015-8597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8597
value: HIGH

Trust: 1.0

NVD: CVE-2015-8597
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00217
value: LOW

Trust: 0.6

CNNVD: CNNVD-201601-135
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86558
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8597
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00217
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86558
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8597
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00217 // VULHUB: VHN-86558 // JVNDB: JVNDB-2015-006760 // CNNVD: CNNVD-201601-135 // NVD: CVE-2015-8597

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-006760 // NVD: CVE-2015-8597

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-135

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201601-135

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006760

PATCH
title:SA107url:https://bto.bluecoat.com/security-advisory/sa107
Trust: 0.8
title:Patch for BlueCoatSystemsProxySG and AdvancedSecureGateway Open Redirection Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/69917
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-00217 // 
            
            
            
            JVNDB: JVNDB-2015-006760

EXTERNAL IDS
db:NVDid:CVE-2015-8597
Trust: 3.4
db:SECTRACKid:1034506
Trust: 2.3
db:JVNDBid:JVNDB-2015-006760
Trust: 0.8
db:CNNVDid:CNNVD-201601-135
Trust: 0.7
db:CNVDid:CNVD-2016-00217
Trust: 0.6
db:BIDid:85707
Trust: 0.4
db:VULHUBid:VHN-86558
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-00217 // 
            
            
            
            VULHUB: VHN-86558 // 
            
            
            
            BID: 85707 // 
            
            
            
            JVNDB: JVNDB-2015-006760 // 
            
            
            
            CNNVD: CNNVD-201601-135 // 
            
            
            
            NVD: CVE-2015-8597

REFERENCES
url:http://www.securitytracker.com/id/1034506
Trust: 2.3
url:http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/
Trust: 2.3
url:https://bto.bluecoat.com/security-advisory/sa107
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8597
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8597
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-00217 // 
            
            
            
            VULHUB: VHN-86558 // 
            
            
            
            JVNDB: JVNDB-2015-006760 // 
            
            
            
            CNNVD: CNNVD-201601-135 // 
            
            
            
            NVD: CVE-2015-8597

CREDITS
Patrick Mattsson from Knowit Secure AB
Trust: 0.3
sources:
            
            
            BID: 85707

SOURCES
db:CNVDid:CNVD-2016-00217
db:VULHUBid:VHN-86558
db:BIDid:85707
db:JVNDBid:JVNDB-2015-006760
db:CNNVDid:CNNVD-201601-135
db:NVDid:CVE-2015-8597

LAST UPDATE DATE
2024-11-23T22:22:47.938000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-00217date:2016-01-14T00:00:00
db:VULHUBid:VHN-86558date:2016-01-13T00:00:00
db:BIDid:85707date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006760date:2016-01-14T00:00:00
db:CNNVDid:CNNVD-201601-135date:2016-01-12T00:00:00
db:NVDid:CVE-2015-8597date:2024-11-21T02:38:47.417

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-00217date:2016-01-14T00:00:00
db:VULHUBid:VHN-86558date:2016-01-08T00:00:00
db:BIDid:85707date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006760date:2016-01-14T00:00:00
db:CNNVDid:CNNVD-201601-135date:2016-01-12T00:00:00
db:NVDid:CVE-2015-8597date:2016-01-08T19:59:15.100