5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.953 High
EPSS
Percentile
99.4%
According to its self-reported version number, the Blue Coat ProxyAV firmware installed on the remote device is 3.5.x prior to 3.5.4.1. It is, therefore, affected by the following vulnerabilities in the bundled version of OpenSSL :
A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)
A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(93410);
script_version("1.7");
script_cvs_date("Date: 2019/11/14");
script_cve_id("CVE-2015-3194", "CVE-2015-3195");
script_bugtraq_id(78623, 78626);
script_xref(name:"IAVA", value:"2016-A-0229");
script_name(english:"Blue Coat ProxyAV 3.5.x < 3.5.4.1 Multiple DoS Vulnerabilities");
script_summary(english:"Checks the version of Blue Coat ProxyAV.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple denial of service
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Blue Coat ProxyAV
firmware installed on the remote device is 3.5.x prior to 3.5.4.1. It
is, therefore, affected by the following vulnerabilities in the
bundled version of OpenSSL :
- A NULL pointer dereference flaw exists in file
rsa_ameth.c due to improper handling of ASN.1 signatures
that are missing the PSS parameter. A remote attacker
can exploit this to cause the signature verification
routine to crash, resulting in a denial of service
condition. (CVE-2015-3194)
- A flaw exists in the ASN1_TFLG_COMBINE implementation in
file tasn_dec.c related to handling malformed
X509_ATTRIBUTE structures. A remote attacker can exploit
this to cause a memory leak by triggering a decoding
failure in a PKCS#7 or CMS application, resulting in a
denial of service. (CVE-2015-3195)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://bto.bluecoat.com/security-advisory/sa105");
script_set_attribute(attribute:"solution", value:
"Upgrade to Blue Coat ProxyAV version 3.5.4.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3195");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/03");
script_set_attribute(attribute:"patch_publication_date", value:"2016/01/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/09");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:bluecoat:proxyav");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("bluecoat_proxy_av_version.nasl");
script_require_keys("www/bluecoat_proxyav");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http_func.inc");
port = get_kb_item_or_exit("www/bluecoat_proxyav");
ver = get_kb_item_or_exit("www/bluecoat_proxyav/" + port + "/version");
url = build_url(port:port, qs:"/");
if (ver !~ "^3\.5\.")
audit(AUDIT_WEB_APP_NOT_AFFECTED, "Blue Coat ProxyAV", url, ver);
fix = "3.5.4.1";
if (ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
{
report =
'\n URL : ' + url +
'\n Installed version : ' + ver +
'\n Fixed version : 3.5.4.1' +
'\n';
security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, "Blue Coat ProxyAV", url, ver);
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.953 High
EPSS
Percentile
99.4%