Initial Publication Date: Advisory Status: Advisory Severity: Legacy ID
29 Oct 2007 Closed High
A cross-site scripting (XSS) vulnerability has been reported in the handling of the URL that loads Certificate Revocation Lists into the appliance via the management console. If the URL is malformed in certain ways, the malformed text is treated as HTML and displayed to the user, instead of an error message being generated.
A workaround is for administrators to never visit any untrusted site while logged into the ProxySG management console.
Blue Coat Systems wishes to thank Adrian Pastor of ProCheckUp for working with us to resolve this issue.
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.