The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1032149 | Third Party Advisory VDB Entry |
https://bto.bluecoat.com/security-advisory/sa93 | Vendor Advisory |
https://twitter.com/bugch3ck/status/591492380294979585 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-12-07 20:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-4334
Mitre link : CVE-2015-4334
CVE.ORG link : CVE-2015-4334
JSON object : View
Products Affected
symantec
- proxysg_firmware
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor