CVE-2015-4334

Symantec Proxysg Firmware < 6.2.16.4 - Information Disclosure

Description

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.

References (3)

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032149
Third Party Advisory x_refsource_misc
https://twitter.com/bugch3ck/status/591492380294979585
Vendor Advisory x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa93

Scores

EPSS 0.0058
EPSS Percentile 69.1%

Details

CWE CWE-200
Status published
Products (1)
symantec/proxysg_firmware 6.2 - 6.2.16.4
Published Dec 07, 2015
Tracked Since Feb 18, 2026