BugTraq
Blue Coat xss Sep 21 2008 12:37PM
jplopezy gmail com (2 replies)
Re: Blue Coat xss Oct 02 2008 07:56PM
Tom Kelly (tom kelly bluecoat com)
Re: Blue Coat xss Sep 23 2008 05:26AM
Hugo van der Kooij (hvdkooij vanderkooij org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jplopezy (at) gmail (dot) com [email concealed] wrote:
> There is a security issue in the blue coat.
> The problem lies in the "Web Filter", which lets you execute an XSS.
> This only affects the Internet Explorer browser. "
>
> as a result, could jump the antivirus scan or make spoofing.
>
> POC
>
> http://www.example.com/file.exe?<script>(1)</script>

I am afraid you need to clarify yourself a bit further. What policy are
you using? What resource(s) besides a ProxySG are you using? (You
mention Webfilter and antivirus.) What versions of SGOS did you test?

In short. Write a report that is clear and not too ambigious to be taken
seriously

Hugo.

- --
hvdkooij (at) vanderkooij (dot) org [email concealed] http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFI2H4KBvzDRVjxmYERAmOgAKCyqXv/3s0bFBEFTKvhQ6QFi0hCZwCeLiBD
6FKJxRIGrMITOJZcl+LyeUk=
=GR9o
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus