Initial Publication Date: 9 Jan 2018
Advisory Status: Closed
Advisory Severity: Medium
CVSS Base Score: CVSS v2: 5.1
Legacy ID: SA155
A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Exploiting this vulnerability does not allow the attacker to bypass the security controls enforced by the ASG/ProxySG policy. If ASG/ProxySG are configured to intercept traffic from the target user, they will enforce the configured security controls on the redirected request to the malicious web site.
Thanks to Jakub Pałaczyński and Pawel Bartunek for reporting these vulnerabilities.
2018-07-27 CacheFlow 3.4 is vulnerable to CVE-2016-9099 and CVE-2016-10257. A fix is available in CacheFlow 18.104.22.168. Advisory Status moved to Closed.
2018-04-22 A fix for CVE-2016-9099 and CVE-2016-10257 in ASG 6.6 is available in 22.214.171.124. A fix for CVE-2016-9099, CVE-2016-10256, and CVE-2016-10257 in ProxySG 6.6 is available in 126.96.36.199.
2018-01-16 Added references to NVD articles.
2018-01-09 Initial public release.