Vulnerability Details CVE-2015-8597
Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.2%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
References
- http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/
- http://www.securitytracker.com/id/1034506
- https://bto.bluecoat.com/security-advisory/sa107
- http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/
- http://www.securitytracker.com/id/1034506
- https://bto.bluecoat.com/security-advisory/sa107