SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   Blue Coat ProxySG
Vendors:   Blue Coat Systems
Blue Coat ProxySG Input Validation Hole in ICAP Patience Page Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1020979
SecurityTracker URL:  http://securitytracker.com/id/1020979
CVE Reference:   CVE-2008-4485
Updated:  Oct 10 2008
Original Entry Date:  Oct 3 2008
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 4.2, 5.2, 5.3
Description:   A vulnerability was reported in Blue Coat ProxySG. A remote user can conduct cross-site scripting attacks.

The ICAP patience page does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser.

Juan Pablo Lopez Yacubian reported this vulnerability.

Impact:   A remote user can conduct cross-site scripting attacks.
Solution:   The vendor plans to issue fixed versions (4.2.9, 5.2.5, 5.3.1.7).

The vendor's advisory is available at:

http://www.bluecoat.com/support/securityadvisories/icap_patience

Vendor URL:  www.bluecoat.com/support/securityadvisories/icap_patience
Cause:   Input validation error

Message History:   None.


Copyright 2021, SecurityGlobal.net LLC