Vulnerability Description
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Proxysg Firmware | >= 6.2, <= 6.2.16.4 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1032149Third Party AdvisoryVDB Entry
- https://bto.bluecoat.com/security-advisory/sa93Vendor Advisory
- https://twitter.com/bugch3ck/status/591492380294979585Third Party Advisory
- http://www.securitytracker.com/id/1032149Third Party AdvisoryVDB Entry
- https://bto.bluecoat.com/security-advisory/sa93Vendor Advisory
- https://twitter.com/bugch3ck/status/591492380294979585Third Party Advisory
FAQ
What is CVE-2015-4334?
CVE-2015-4334 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when us...
How severe is CVE-2015-4334?
CVE-2015-4334 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4334?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Proxysg Firmware.