Sign-up

ID

VAR-201706-0069


CVE

CVE-2016-6594


TITLE

plural Blue Coat Vulnerabilities that prevent blocked requests in the product

Trust: 0.8

sources: JVNDB: JVNDB-2016-008649

DESCRIPTION

Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. BlueCoatAdvancedSecureGateway, CacheFlow and ProxySG are products of BlueCoatSystems, USA. BlueCoatAdvancedSecureGateway is a secure web gateway device; CacheFlow is a network accelerator; ProxySG is a switch. BlueCoatAdvancedSecureGateway, CacheFlow, and ProxySG have security vulnerabilities. Multiple Blue Coat products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The following products are vulnerable: Blue Coat ProxySG 6.5 and 6.6 Blue Coat ASG 6.6 Blue Coat CacheFlow 3.4

Trust: 2.52

sources: NVD: CVE-2016-6594 // JVNDB: JVNDB-2016-008649 // CNVD: CNVD-2017-15526 // BID: 91404 // VULHUB: VHN-95414

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-15526

AFFECTED PRODUCTS

vendor:bluecoatmodel:proxysgscope:eqversion:6.5

Trust: 1.6

vendor:bluecoatmodel:cacheflowscope:eqversion:3.4

Trust: 1.6

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 1.6

vendor:bluecoatmodel:proxysgscope:eqversion:6.6

Trust: 1.6

vendor:bluemodel:coat systems proxysgscope:eqversion:6.5

Trust: 0.9

vendor:bluemodel:coat systems proxysgscope:eqversion:6.6

Trust: 0.9

vendor:bluemodel:coat systems advanced secure gatewayscope:eqversion:6.6

Trust: 0.9

vendor:bluemodel:coat systems cacheflowscope:eqversion:3.4

Trust: 0.9

vendor:blue coatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 0.8

vendor:blue coatmodel:cacheflowscope:eqversion:3.4

Trust: 0.8

vendor:blue coatmodel:proxysgscope:eqversion:6.5

Trust: 0.8

vendor:blue coatmodel:proxysgscope:eqversion:6.6

Trust: 0.8

sources: CNVD: CNVD-2017-15526 // BID: 91404 // JVNDB: JVNDB-2016-008649 // CNNVD: CNNVD-201706-293 // NVD: CVE-2016-6594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6594
value: HIGH

Trust: 1.0

NVD: CVE-2016-6594
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-15526
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-293
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95414
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6594
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-15526
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95414
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6594
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-15526 // VULHUB: VHN-95414 // JVNDB: JVNDB-2016-008649 // CNNVD: CNNVD-201706-293 // NVD: CVE-2016-6594

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

sources: VULHUB: VHN-95414 // JVNDB: JVNDB-2016-008649 // NVD: CVE-2016-6594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-293

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201706-293

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008649

PATCH
title:SA130 : Security Control Bypass Vulnerability in ProxySG, ASG, and CacheFlowurl:https://www.symantec.com/security-center/network-protection-security-advisories/SA130
Trust: 0.8
title:A variety of BlueCoat products safely bypass the patch of the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/98416
Trust: 0.6
title:Blue Coat Advanced Secure Gateway , CacheFlow  and ProxySG Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71216
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-15526 // 
            
            
            
            JVNDB: JVNDB-2016-008649 // 
            
            
            
            CNNVD: CNNVD-201706-293

EXTERNAL IDS
db:NVDid:CVE-2016-6594
Trust: 3.1
db:BIDid:91404
Trust: 2.0
db:JVNDBid:JVNDB-2016-008649
Trust: 0.8
db:CNNVDid:CNNVD-201706-293
Trust: 0.7
db:CNVDid:CNVD-2017-15526
Trust: 0.6
db:VULHUBid:VHN-95414
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-15526 // 
            
            
            
            VULHUB: VHN-95414 // 
            
            
            
            BID: 91404 // 
            
            
            
            JVNDB: JVNDB-2016-008649 // 
            
            
            
            CNNVD: CNNVD-201706-293 // 
            
            
            
            NVD: CVE-2016-6594

REFERENCES
url:https://bto.bluecoat.com/security-advisory/sa130
Trust: 2.0
url:http://www.securityfocus.com/bid/91404
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6594
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-6594
Trust: 0.8
url:https://www.bluecoat.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-15526 // 
            
            
            
            VULHUB: VHN-95414 // 
            
            
            
            BID: 91404 // 
            
            
            
            JVNDB: JVNDB-2016-008649 // 
            
            
            
            CNNVD: CNNVD-201706-293 // 
            
            
            
            NVD: CVE-2016-6594

CREDITS
Mike Brooks and Nathan Fowler.
Trust: 0.3
sources:
            
            
            BID: 91404

SOURCES
db:CNVDid:CNVD-2017-15526
db:VULHUBid:VHN-95414
db:BIDid:91404
db:JVNDBid:JVNDB-2016-008649
db:CNNVDid:CNNVD-201706-293
db:NVDid:CVE-2016-6594

LAST UPDATE DATE
2024-11-23T22:26:45.463000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-15526date:2017-07-20T00:00:00
db:VULHUBid:VHN-95414date:2017-06-24T00:00:00
db:BIDid:91404date:2016-06-23T00:00:00
db:JVNDBid:JVNDB-2016-008649date:2017-07-06T00:00:00
db:CNNVDid:CNNVD-201706-293date:2017-07-06T00:00:00
db:NVDid:CVE-2016-6594date:2024-11-21T02:56:24.110

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-15526date:2017-07-20T00:00:00
db:VULHUBid:VHN-95414date:2017-06-08T00:00:00
db:BIDid:91404date:2016-06-23T00:00:00
db:JVNDBid:JVNDB-2016-008649date:2017-07-06T00:00:00
db:CNNVDid:CNNVD-201706-293date:2017-06-08T00:00:00
db:NVDid:CVE-2016-6594date:2017-06-08T20:29:00.280