The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1032149 | Third Party Advisory VDB Entry |
https://bto.bluecoat.com/security-advisory/sa93 | Vendor Advisory |
https://twitter.com/bugch3ck/status/591492380294979585 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-12-07T20:00:00
Updated: 2015-12-07T20:57:01
Reserved: 2015-06-04T00:00:00
Link: CVE-2015-4334
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-12-07T20:59:05.900
Modified: 2019-02-12T19:10:36.207
Link: CVE-2015-4334
JSON object: View
Redhat Information
No data.
CWE