CVE-2015-4334

Published: Dec 7, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.

Affected (3)

Products: Symantec: Proxysg Firmware

1 product

Proxysg Firmware

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Symantec Proxysg Firmware	From 6.2 to 6.2.16.4
Symantec Proxysg Firmware	From 6.5 to 6.5.7.0
Symantec Proxysg Firmware	From 6.6 to 6.6.2.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securitytracker.com/id/1032149

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bto.bluecoat.com/security-advisory/sa93

Source: cve@mitre.org

Vendor Advisory

https://twitter.com/bugch3ck/status/591492380294979585

Source: cve@mitre.org

Third Party Advisory

http://www.securitytracker.com/id/1032149

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bto.bluecoat.com/security-advisory/sa93

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://twitter.com/bugch3ck/status/591492380294979585

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.