Security Advisories

Cross-site Scripting Vulnerability in ProxySG Management Console

Date:
29 October 2007

Severity:
Medium

Description:
A cross-site scripting (XSS) vulnerability has been reported in the handling of the URL that loads Certificate Revocation Lists into the appliance via the management console. If the URL is malformed in certain ways, the malformed text is treated as HTML and displayed to the user, instead of an error message being generated.

A workaround is for administrators to never visit any untrusted site while logged into the ProxySG management console.
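The flaw pattern described above, next to a hardened form, as an added example that is not Blue Coat's code: the submitted CRL URL is validated first, and any error message shows the input HTML-escaped. The function names, the allowed schemes and the sample URLs are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption for this sketch: CRLs are only fetched over HTTP(S).
ALLOWED_SCHEMES = {"http", "https"}


def validate_crl_url(url):
    """Return None if the URL is acceptable, else a plain-text reason."""
    # Reject markup/quote characters, whitespace and control characters outright.
    if any(ch in "<>\"'`" or ord(ch) < 0x21 or ord(ch) == 0x7F for ch in url):
        return "URL contains characters that are not allowed"
    try:
        parts = urlsplit(url)
    except ValueError:
        return "URL could not be parsed"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "URL scheme must be http or https"
    if not parts.hostname:
        return "URL has no host"
    return None


def render_unsafe(url):
    """The flaw pattern: submitted text is placed into the page as markup."""
    return "<p>Loading CRL from " + url + "</p>"


def render_safe(url):
    """Validate first; on failure emit an error message with the input escaped."""
    reason = validate_crl_url(url)
    if reason is not None:
        return '<p class="error">%s: %s</p>' % (
            html.escape(reason), html.escape(url, quote=True))
    return "<p>Loading CRL from %s</p>" % html.escape(url, quote=True)


# Constructed sample inputs (not taken from the advisory).
GOOD = "http://crl.example.com/ca.crl"
MALFORMED = "http://crl.example.com/<b>ca</b>.crl"

if __name__ == "__main__":
    for sample in (GOOD, MALFORMED):
        print("unsafe:", render_unsafe(sample))
        print("safe:  ", render_safe(sample))
```

Escaping at output is what closes the hole; the validation step is there so that a malformed URL produces the error message the advisory says was missing.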

Fixed in:
4.2.6.1, 5.2.2.5

Additional information:
Blue Coat Systems wishes to thank Adrian Pastor of ProCheckUp for working with us to resolve this issue.