Security Advisories

October 1, 2010 - Cross Site Scripting vulnerability in ProxySG

Security Advisories ID:    SA47
Version:    12.0
Status:    Published
Published date:    09/29/2010
Updated:    01/17/2012
 

Advisory Status

Final

Advisory Severity

High, CVSS v2 base score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE Number

No CVEs are associated with this vulnerability.

Summary

A remote attacker can use injected script to execute CLI commands on the ProxySG as the administrator.

Affected Products

All versions of ProxySG prior to 6.1 are vulnerable.

Details

ProxySG is vulnerable to reflected (non-persistent) cross site scripting attacks. User-provided data is not validated or sanitized before it is included in the HTML page returned to the user. A remote attacker can exploit this to inject script that executes CLI commands as the administrator. The attacker must get the script to run in the administrator's browser (for example, by having the administrator open a crafted link) while the administrator has an active session open with ProxySG. By default, sessions are terminated after 15 minutes of inactivity.

Cross site scripting is often used to steal cookies from a browser, which allows an attacker to impersonate the user from another machine. ProxySG cookies cannot be used from a different machine and therefore are not exposed to cookie theft. Note that this does not reduce the severity of the issue described here: the injected script runs inside the administrator's own browser and session, so it does not need the cookie to send commands to the ProxySG.
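To make the pattern concrete, the following is an added illustration written for this page, not ProxySG code: a hypothetical management-console handler that reflects a query parameter into its HTML response, first with no encoding (the defect described above) and then HTML-encoded. The host, path, parameter name and payload are constructed for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: a link an attacker would lure the administrator into
# opening while a management session is active. The host, path, parameter name
# and payload are hypothetical and are not taken from ProxySG.
CRAFTED_URL = ("https://proxysg.example/mgmt/search"
               "?q=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E")


def query_param(url, name):
    """Return the first value of query parameter `name` from `url`, or ''."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get(name, [""])[0]


def render_vulnerable(q):
    """Reflect the parameter into the page with no encoding.

    This is the defect the advisory describes: the user-controlled value
    becomes part of the HTML, so a <script> element in it is executed by the
    administrator's browser with the administrator's session.
    """
    return f"<html><body><p>Results for: {q}</p></body></html>"


def render_fixed(q):
    """Reflect the parameter after encoding it for an HTML text context.

    html.escape turns <, >, &, " and ' into entities, so the browser renders
    the payload as text instead of executing it. Encoding is context specific:
    a value placed inside a URL or a JavaScript string would need encoding for
    that context instead.
    """
    return f"<html><body><p>Results for: {html.escape(q, quote=True)}</p></body></html>"


def reflects_unescaped(page, payload):
    """Crude reflected-XSS check: is the raw payload present in the response?"""
    return payload in page


if __name__ == "__main__":
    payload = query_param(CRAFTED_URL, "q")
    print("payload:", payload)
    print("vulnerable page reflects script:", reflects_unescaped(render_vulnerable(payload), payload))
    print("fixed page reflects script:     ", reflects_unescaped(render_fixed(payload), payload))
```

The same check is what a scanner does when it probes a reflected parameter: send a marker payload, then look for it verbatim in the response body. A hardened console still reflects the value, but only in encoded form.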

Workarounds

Customers can limit the impact of this vulnerability in these ways:

  • Ensure the option to enforce web auto-logout is enabled on ProxySG.
  • Manage ProxySG using only the CLI.
  • Use the Java Management Console only from dedicated machines that do not connect to any other internal or external websites.

Patches

ProxySG 6.1 - a fix is available in 6.1.1.1 or later. The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/5351

ProxySG 5.5 - a fix is available in 5.5.4.1.  The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/41.

ProxySG 5.4 - a fix is available in 5.4.5.1.  The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/17.

ProxySG 5.3 - please upgrade to a later release.

ProxySG 4.3 - a fix is available in SGOS 4.3.4.1.  The fix is available to customers with a valid BlueTouch online login from https://bto.bluecoat.com/download/product/13.

For information on how to upgrade SGOS, please see KB3608.  If you do not have a BlueTouch Online login, please search the knowledge base for "bto login".

References

The vulnerability was discovered and reported by Patrick Fleming at FishNet Security.

Advisory History

2012-01-17 Notification that no fix will be provided for 5.3.  Changed status to final.

2011-02-17  Notification of fix in SGOS 4.3.4.1.  Updated SGOS 5.5 fix information to show the issue is resolved in SGOS 5.5.4.1 GA release and the accompanying link was also updated.  Updated SGOS 5.3 fix information to suggest upgrading to a newer version of SGOS to get the fix.  Added link to KB3608 on how to upgrade SGOS.

2010-11-01 Notification of fix in 5.5.3.5 patch release.

2010-10-28 Credited Patrick Fleming for discovering and reporting the vulnerability.

2010-10-27 Notification of ProxySG version 5.4.5.1 patch release being promoted to GA release.

2010-10-15 Notification of fix in 5.4.5.1 patch release.

2010-10-12 Added additional details and another workaround.

2010-10-07 Added a workaround.

2010-10-01 Initial public release.
