The default configuration of SGOS in Blue Coat ProxySG prior to 6.2.16.5, 6.5 prior to 6.5.7.1, and 6.6 prior to 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote malicious users to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.
Vulnerable Product |
---|
symantec proxysg firmware |