Description
Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by T.Suzuki · textremotemultiple
https://www.exploit-db.com/exploits/21649
References (5)
Core 5
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5305
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9674.php
Release Notes x_refsource_confirm
http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5608
Scores
EPSS
0.0080
EPSS Percentile
74.2%
Details
Status
published
Products (10)
bluecoat/cacheos
3.1.17
bluecoat/cacheos
3.1.18
bluecoat/cacheos
3.1.19
bluecoat/cacheos
3.1.21
bluecoat/cacheos
4.0
bluecoat/cacheos
4.0.11
bluecoat/cacheos
4.0.12
bluecoat/cacheos
4.0.13
bluecoat/cacheos
4.0.14
bluecoat/cacheos
4.1.6
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026