Lucene search

[email protected]NVD:CVE-2015-4334

HistoryDec 07, 2015 - 8:59 p.m.

CVE-2015-4334

2015-12-0720:59:05

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

49.6%

JSON

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.

Affected configurations

Nvd

Node

symantecproxysg_firmwareRange6.2–6.2.16.4

symantecproxysg_firmwareRange6.5–6.5.7.0

symantecproxysg_firmwareRange6.6–6.6.2.0

VendorProductVersionCPE
symantecproxysg_firmware*cpe:2.3:o:symantec:proxysg_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	proxysg_firmware	*	cpe:2.3:o:symantec:proxysg_firmware::::::::

References

www.securitytracker.com/id/1032149

bto.bluecoat.com/security-advisory/sa93

twitter.com/bugch3ck/status/591492380294979585

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

49.6%

JSON

Related for NVD:CVE-2015-4334

prion1 cvelist1 cve1