CVE-2008-4515

Blue Coat Systems K9 Web Protection - Authentication Bypass

Title source: rule

Description

Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.

References (4)

[Various Sources] http://dicas3000.blogspot.com/2008/10/blue-coat-k9-web-protection-v40230-beta.html

[Mailing List] http://seclists.org/fulldisclosure/2008/Oct/0070.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45696

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31584

Scores

EPSS 0.0040

EPSS Percentile 60.0%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

blue_coat_systems/k9_web_protection

Timeline

Published Oct 09, 2008

Tracked Since Feb 18, 2026