Back to search
CVE-2015-4334
Published: Dec 7, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1032149
vdb-entry
x_refsource_SECTRACK
https://twitter.com/bugch3ck/status/591492380294979585
x_refsource_MISC
https://bto.bluecoat.com/security-advisory/sa93
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now