VAR-200412-0293
Vulnerability from variot - Updated: 2024-02-13 23:00
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. The issue reportedly occurs when the private key is imported through the web-based administrative interface. This causes the private key and passphrase to be logged in plaintext, potentially exposing this information to other local users. It is also reported that certain administrative actions or configurations could expose this information to other unauthorized parties, though specific details have not been publicized at this time. NVD classifies the weakness as CWE-312 (Cleartext Storage of Sensitive Information). Because the passphrase is logged alongside the key, any key imported through the console on an affected release should be treated as exposed and its certificate replaced. Blue Coat Systems' products are purpose-built appliances optimized for the specific application of Web acceleration and security. Attackers may obtain this sensitive information and take control of the device
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0293",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bluecoat security gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.1.3.13"
},
{
"model": "bluecoat security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.2.1"
},
{
"model": "bluecoat security gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "security gateway os",
"scope": "eq",
"trust": 0.6,
"vendor": "bluecoat",
"version": "3.1.3.2"
},
{
"model": "security gateway os",
"scope": "eq",
"trust": 0.6,
"vendor": "bluecoat",
"version": "3.1"
},
{
"model": "security gateway os",
"scope": "eq",
"trust": 0.6,
"vendor": "bluecoat",
"version": "3.1.3.7"
},
{
"model": "security gateway os",
"scope": "eq",
"trust": 0.6,
"vendor": "bluecoat",
"version": "3.2.1"
},
{
"model": "security gateway os",
"scope": "eq",
"trust": 0.6,
"vendor": "bluecoat",
"version": "3.1.3.13"
},
{
"model": "security gateway os",
"scope": "eq",
"trust": 0.6,
"vendor": "bluecoat",
"version": "3.1.2.2"
},
{
"model": "security gateway os",
"scope": "eq",
"trust": 0.6,
"vendor": "bluecoat",
"version": "3.1.2"
},
{
"model": "security gateway os",
"scope": "eq",
"trust": 0.6,
"vendor": "bluecoat",
"version": "3.0"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.2.1"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.3.7"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.3.2"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.3.13"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.2.2"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.2"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.0"
},
{
"model": "coat systems security gateway os",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "3.2.1.1"
},
{
"model": "coat systems security gateway os",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.3.14"
}
],
"sources": [
{
"db": "BID",
"id": "10371"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
},
{
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:security_gateway_os:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:security_gateway_os:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:security_gateway_os:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blue Coat Systems",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-10825",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-2397",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-808",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-10825",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10825"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
},
{
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. \nThe issue reportedly occurs when the private key is imported through the web-based administrative interface. This will cause the private key and passphrase to be logged in plaintext, potentially exposing this information to other local users. \nIt is also reported that certain administrative actions or configurations could also expose this information to other unauthorized parties, though specific details have not been publicized at this time. Blue Coat Systems\u0027 products are purpose-built appliances optimized for the specific application of Web acceleration and security. Attackers may obtain this sensitive information and take control of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2397"
},
{
"db": "BID",
"id": "10371"
},
{
"db": "VULHUB",
"id": "VHN-10825"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "10371",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-2397",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "6218",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "11627",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-808",
"trust": 0.7
},
{
"db": "XF",
"id": "16182",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6461",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-10825",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10825"
},
{
"db": "BID",
"id": "10371"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
},
{
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"id": "VAR-200412-0293",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10825"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T23:00:46.424000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10371"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/6218"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11627"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16182"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16182"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6461"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10825"
},
{
"db": "BID",
"id": "10371"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
},
{
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10825"
},
{
"db": "BID",
"id": "10371"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
},
{
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10825"
},
{
"date": "2004-05-18T00:00:00",
"db": "BID",
"id": "10371"
},
{
"date": "2004-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-808"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10825"
},
{
"date": "2004-05-18T00:00:00",
"db": "BID",
"id": "10371"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-808"
},
{
"date": "2024-02-13T16:17:43.783000",
"db": "NVD",
"id": "CVE-2004-2397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blue Coat Systems SGOS Private Key Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "10371"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "10371"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-808"
}
],
"trust": 0.9
}
}