CVE-2006-0578

Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.secumind.net/content/french/modules/news/article.php?storyid=8	Vendor Advisory
http://secunia.com/advisories/18622	Vendor Advisory
http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html
http://securitytracker.com/id?1015644
http://www.osvdb.org/22853
http://www.vupen.com/english/advisories/2006/0401
https://exchange.xforce.ibmcloud.com/vulnerabilities/24446

Configurations

Configuration 1 (hide)

cpe:2.3:o:bluecoat:sgos:4.1.2.1:*:*:*:*:*:*:*

Information

Published : 2006-02-07 17:02

Updated : 2018-10-30 09:25

NVD link : CVE-2006-0578

Mitre link : CVE-2006-0578

JSON object : View

CWE

NVD-CWE-Other

Products Affected

bluecoat

sgos

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=8", "name": "http://www.secumind.net/content/french/modules/news/article.php?storyid=8", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/18622", "name": "18622", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html", "name": "http://www.bluecoat.com/support/knowledge/advisory_connect_denial_ignore.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1015644", "name": "1015644", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.osvdb.org/22853", "name": "22853", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/0401", "name": "ADV-2006-0401", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24446", "name": "proxysg-connect-bypass-security(24446)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0578", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-02-08T01:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:bluecoat:sgos:4.1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}

7.5 /10