CVE-2010-5191: CSRF
First published: Sun Aug 26 2012(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Blue Coat Avos | <=3.2.6 | |
| Blue Coat Avos | =3.1 | |
| Blue Coat Avos | =3.2 | |
| Bluecoat ProxyAV |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-5191?
CVE-2010-5191 is classified as a high severity vulnerability due to the potential for remote attackers to hijack administrator authentication.
How do I fix CVE-2010-5191?
To fix CVE-2010-5191, upgrade the Blue Coat ProxyAV appliance to version 3.2.6.1 or later.
What types of attacks can occur due to CVE-2010-5191?
CVE-2010-5191 allows attackers to perform actions such as changing passwords, modifying policies, or restarting the Blue Coat ProxyAV device.
Which Blue Coat products are affected by CVE-2010-5191?
CVE-2010-5191 affects the Blue Coat ProxyAV appliances running versions up to and including 3.2.6.
Can CVE-2010-5191 be exploited without user interaction?
Yes, CVE-2010-5191 can be exploited through cross-site request forgery, allowing attackers to hijack authentication without user interaction.
- collector/nvd-historical
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- vendor/bluecoat
- canonical/blue coat avos
- version/blue coat avos/3.2.6
- version/blue coat avos/3.1
- version/blue coat avos/3.2
- canonical/bluecoat proxyav