CVE-2004-2397

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
References
Link Resource
http://secunia.com/advisories/11627 Broken Link Patch Vendor Advisory
http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html Broken Link Patch Vendor Advisory
http://www.osvdb.org/6218 Broken Link
http://www.securityfocus.com/bid/10371 Broken Link Patch Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16182 Third Party Advisory VDB Entry
http://secunia.com/advisories/11627 Broken Link Patch Vendor Advisory
http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html Broken Link Patch Vendor Advisory
http://www.osvdb.org/6218 Broken Link
http://www.securityfocus.com/bid/10371 Broken Link Patch Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16182 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:broadcom:bluecoat_security_gateway:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:bluecoat_security_gateway:3.2.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:53

Type Values Removed Values Added
References () http://secunia.com/advisories/11627 - Broken Link, Patch, Vendor Advisory () http://secunia.com/advisories/11627 - Broken Link, Patch, Vendor Advisory
References () http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html - Broken Link, Patch, Vendor Advisory () http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html - Broken Link, Patch, Vendor Advisory
References () http://www.osvdb.org/6218 - Broken Link () http://www.osvdb.org/6218 - Broken Link
References () http://www.securityfocus.com/bid/10371 - Broken Link, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/10371 - Broken Link, Patch, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/16182 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/16182 - Third Party Advisory, VDB Entry

13 Feb 2024, 16:17

Type Values Removed Values Added
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16182 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16182 - Third Party Advisory, VDB Entry
References (OSVDB) http://www.osvdb.org/6218 - (OSVDB) http://www.osvdb.org/6218 - Broken Link
References (CONFIRM) http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html - Patch, Vendor Advisory (CONFIRM) http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html - Broken Link, Patch, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/10371 - Patch (BID) http://www.securityfocus.com/bid/10371 - Broken Link, Patch, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/11627 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/11627 - Broken Link, Patch, Vendor Advisory
CPE cpe:2.3:o:bluecoat:security_gateway_os:3.1.2.2:*:*:*:*:*:*:*
cpe:2.3:o:bluecoat:security_gateway_os:3.1:*:*:*:*:*:*:*
cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.2:*:*:*:*:*:*:*
cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.13:*:*:*:*:*:*:*
cpe:2.3:o:bluecoat:security_gateway_os:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:bluecoat:security_gateway_os:3.0:*:*:*:*:*:*:*
cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.7:*:*:*:*:*:*:*
cpe:2.3:o:bluecoat:security_gateway_os:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:bluecoat_security_gateway:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:bluecoat_security_gateway:*:*:*:*:*:*:*:*
First Time Broadcom bluecoat Security Gateway
Broadcom
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE NVD-CWE-Other CWE-312

Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:53


NVD link : CVE-2004-2397

Mitre link : CVE-2004-2397

CVE.ORG link : CVE-2004-2397


JSON object : View

Products Affected

broadcom

  • bluecoat_security_gateway
CWE
CWE-312

Cleartext Storage of Sensitive Information