Authentication Flaw in Blue Coat ProxySG Affects Upstream Origin Content Servers
CVE-2015-4334

Currently unrated

Key Information:

Vendor

Symantec
Status
Proxysg Firmware
Vendor
CVE Published:
7 December 2015

What is CVE-2015-4334?

The default configuration of Blue Coat ProxySG in versions prior to 6.2.16.5, 6.5 prior to 6.5.7.1, and 6.6 prior to 6.6.2.1 allows for unintended forwarding of authentication challenges from upstream origin content servers during explicit proxy operations. This misconfiguration could enable remote attackers to leverage the 407 Proxy Authentication Required response to extract sensitive information, particularly when NTLM authentication is utilized. This presents a significant risk, emphasizing the need for careful configuration management and security practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id/1032149
vdb-entryx_refsource_SECTRACK
https://twitter.com/bugch3ck/status/591492380294979585
x_refsource_MISC
https://bto.bluecoat.com/security-advisory/sa93
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.