Search criteria
2 vulnerabilities found for Blue Coat CAS by Symantec Corporation
CVE-2016-9091 (GCVE-0-2016-9091)
Vulnerability from cvelistv5 – Published: 2017-04-05 15:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Blue Coat ASG |
Affected:
6.6 prior to 6.6.5.4
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blue Coat ASG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.4"
}
]
},
{
"product": "Blue Coat CAS",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "1.3 prior to 1.3.7.4"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-9091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blue Coat ASG",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.4"
}
]
}
},
{
"product_name": "Blue Coat CAS",
"version": {
"version_data": [
{
"version_value": "1.3 prior to 1.3.7.4"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa138",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-9091",
"datePublished": "2017-04-05T15:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9091 (GCVE-0-2016-9091)
Vulnerability from nvd – Published: 2017-04-05 15:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Blue Coat ASG |
Affected:
6.6 prior to 6.6.5.4
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blue Coat ASG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.4"
}
]
},
{
"product": "Blue Coat CAS",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "1.3 prior to 1.3.7.4"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-9091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blue Coat ASG",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.4"
}
]
}
},
{
"product_name": "Blue Coat CAS",
"version": {
"version_data": [
{
"version_value": "1.3 prior to 1.3.7.4"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa138",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-9091",
"datePublished": "2017-04-05T15:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}