Vulnerabilities > CVE-2015-8597 - Unspecified vulnerability in Bluecoat Advanced Secure Gateway and Proxysg

CVSS 7.4 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

bluecoat

NVD

Published: 2016-01-08

Updated: 2024-11-21

Summary

Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%."

Vulnerable Configurations

Part	Description	Count
Application	Bluecoat Bluecoat Proxysg 6.5 Bluecoat Proxysg 6.5.8.7 Bluecoat Advanced Secure Gateway 6.6	3

References

http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/
http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/
http://www.securitytracker.com/id/1034506
http://www.securitytracker.com/id/1034506
https://bto.bluecoat.com/security-advisory/sa107
https://bto.bluecoat.com/security-advisory/sa107