Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
15 Oct 2010 Closed Medium CVSS v2: 5.0 SA48
All versions of ProxySG prior to 6.1.2 are vulnerable.
ProxySG 6.1 - a fix is available in SGOS 22.214.171.124.
ProxySG 5.5 - a fix is available in SGOS 126.96.36.199
ProxySG 5.4 - a fix is available in SGOS 188.8.131.52.
ProxySG 5.3 - please upgrade to a later version.
ProxySG 4.3 - an interim fix is available in SGOS 184.108.40.206 patch release.
For information on how to upgrade SGOS, please see KB3608.
Malicious scripts are commonly encoded in web pages and run without a user's knowledge. ProxySG can be configured to supplement virus scanning of Web content by detecting and removing the HTML tags that launch active content such as Java applets or scripts. In addition, the removed content can be replaced with predefined material, also called active content transformation.
Anything within the <script></script> tags.
Vulnerable SGOS versions only detect these tags and attributes encoded in ASCII. Tags and attributes encoded in other formats will elude detection.
CVSS v2 base score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Malicious active content is difficult to distinguish from legitimate active content. ProxySG active content transformation and removal is designed to supplement WebPulse, virus scanners, and browser protections that detect and prevent malicious active content. Customers are encouraged to employ multiple layers of protection to achieve the best results.
2014-01-20 Marked as final
2011-05-25 Notification of fix in a patch release of ProxySG version 220.127.116.11.
2011-04-26 Minor update to clarify vulnerable versions.
2011-02-17 Notification of fix in ProxySG version 18.104.22.168. Added the fix for SGOS 22.214.171.124. Added link to KB3608.
2010-10-27 Notification of ProxySG version 126.96.36.199 patch release being promoted to GA release.
2010-10-15 Initial public release.
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.