Medium, CVSS v2 base score 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
No CVEs are associated with this vulnerability.
All versions of ProxySG prior to 6.1.2 are vulnerable.
Malicious scripts are commonly encoded in web pages and run without a user's knowledge. ProxySG can be configured to supplement virus scanning of Web content by detecting and removing the HTML tags that launch active content such as Java applets or scripts. In addition the removed content can be replaced with predefined material, also called active content transformation.
Vulnerable SGOS versions only detect these tags and attributes encoded in ASCII. Tags and attributes encoded in other formats will elude detection.
Malicious active content is difficult to distinguish from legitimate active content. ProxySG active content transformation and removal is designed to supplement WebPulse, virus scanners, and browser protections that detect and prevent malicious active content. Customers are encouraged to employ multiple layers of protection to achieve the best results.
ProxySG 6.1 - a fix is available in SGOS 126.96.36.199. The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/5351.
ProxySG 5.5 - a fix is available in SGOS 188.8.131.52. The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/41 .
ProxySG 5.4 - a fix is available in SGOS 184.108.40.206. The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/17.
ProxySG 5.3 - please upgrade to a later version.
ProxySG 4.3 - a interim fix is available in SGOS 220.127.116.11 patch release. The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/patch/77887199809178137864777273807520.
For information on how to upgrade SGOS, please see KB3608.
2011-05-25 Notification of fix in a patch release of ProxySG version 18.104.22.168.
2011-04-26 Minor update to clarify vulnerable versions.
2011-02-17 Notification of fix in ProxySG version 22.214.171.124. Added the fix for SGOS 126.96.36.199. Added link to KB3608.
2010-10-27 Notification of ProxySG version 188.8.131.52 patch release being promoted to GA release.
2010-10-15 Initial public release.
Rate this Page
Please take a moment to complete this form to help us better serve you.