Blue Coat ProxySG Core Files Local Information Disclosure Vulnerability


Description   A vulnerability has been identified in Blue Coat ProxySG, which could be exploited by local attackers to gain knowledge of sensitive information. This issue is caused due to data in the secure heap being written to core files, which could allow malicious users to disclose authentication materials for end users who are currently authenticated using HTTP basic authentication and keys that are currently in use.
     
Vulnerable Products   Vulnerable Software:
Blue Coat ProxySG version 6.1Blue Coat ProxySG version 6.2
     
Solution   Upgrade to version 6.2.2.1 :https://bto.bluecoat.com/download/product/7375
     
CVE  
     
References   https://kb.bluecoat.com/index?page=content&id=SA56&actp=LIST
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Directory traversal
3.2.0
Directory traversal backward root folder
3.2.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2011-06-20 

 Target Type 
Server 

 Possible exploit 
Local