CVE-2007-5796: XSS
First published: Sat Nov 03 2007(Updated: )
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec ProxySG | <4.2.6.1 | |
| Symantec ProxySG | >=5.0.0<5.2.2.5 | |
| Symantec ProxySG |
Remedy
http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-5796?
CVE-2007-5796 is classified as a high severity vulnerability due to its potential for serious exploitation via cross-site scripting.
How do I fix CVE-2007-5796?
To mitigate CVE-2007-5796, it is recommended to upgrade the Blue Coat ProxySG firmware to version 4.2.6.1 or 5.2.2.5 or later.
What products are affected by CVE-2007-5796?
CVE-2007-5796 affects Blue Coat ProxySG before version 4.2.6.1 and version 5.x before 5.2.2.5.
What type of attack is CVE-2007-5796 associated with?
CVE-2007-5796 is associated with cross-site scripting (XSS) attacks that allow remote script injection.
Can CVE-2007-5796 be exploited remotely?
Yes, CVE-2007-5796 can be exploited remotely by attackers through manipulated URLs.
- collector/nvd-historical
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/symantec
- canonical/symantec proxysg
- version/symantec proxysg/5.0.0