Vulnerabilities > CVE-2015-8597 - Open Redirection vulnerability in Bluecoat Advanced Secure Gateway and Proxysg

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

bluecoat

NVD

Published: 2016-01-08

Updated: 2016-01-13

Summary

Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

Vulnerable Configurations

Part	Description	Count
Application	Bluecoat Bluecoat Proxysg 6.5.8.7 Bluecoat Advanced Secure Gateway 6.6	2

References

http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/
http://www.securitytracker.com/id/1034506
https://bto.bluecoat.com/security-advisory/sa107