Vulnerabilities > Bluecoat
|2017-06-08||CVE-2016-6594|| 7PK - Security Features vulnerability in Bluecoat Advanced Secure Gateway, Cacheflow and Proxysg |
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
| 5.0 |
|2017-04-11||CVE-2016-10259|| Resource Management Errors vulnerability in Bluecoat products |
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 126.96.36.199, and 3.11 before 188.8.131.52 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections.
| 4.3 |
|2017-04-05||CVE-2016-9091|| OS Command Injection vulnerability in Bluecoat products |
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 184.108.40.206 and Content Analysis System (CAS) 1.3 before 220.127.116.11 are susceptible to an OS command injection vulnerability.
| 9.0 |
|2016-01-08||CVE-2015-8597|| Open Redirection vulnerability in Bluecoat Advanced Secure Gateway and Proxysg |
Open redirect vulnerability in Blue Coat ProxySG 6.5 before 18.104.22.168 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>
| 5.8 |
|2015-12-07||CVE-2015-8482|| Permissions, Privileges, and Access Controls vulnerability in Bluecoat Unified Agent 4.1.3/4.6.1 |
Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors.
| 2.1 |
|2015-02-02||CVE-2015-1454|| Cryptographic Issues vulnerability in Bluecoat Proxyclient and Unified Agent |
Blue Coat ProxyClient before 22.214.171.124 and 3.4.x before 126.96.36.199 and Unified Agent before 188.8.131.52952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.
| 7.1 |
|2014-04-30||CVE-2014-2565|| OS Command Injection vulnerability in Bluecoat products |
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 184.108.40.206 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."
| 6.5 |
|2014-03-02||CVE-2014-2033|| Permissions, Privileges, and Access Controls vulnerability in Bluecoat Proxysgos |
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 220.127.116.11, 6.1 through 18.104.22.168, 6.2 through 22.214.171.124, 6.4 through 126.96.36.199, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.
| 7.9 |
|2013-09-28||CVE-2013-5959|| Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bluecoat Proxysg and Proxysgos |
Blue Coat ProxySG before 188.8.131.52, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests.
| 7.1 |
|2012-08-26||CVE-2011-5127|| Path Traversal vulnerability in Bluecoat Reporter |
Directory traversal vulnerability in Blue Coat Reporter 9.x before 184.108.40.206, 9.2.5.x before 220.127.116.11, and 9.3 before 18.104.22.168 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
| 10.0 |