Blue Coat ProxyAV < 3.2.6.1 Multiple Admin Function CSRF

high Nessus Plugin ID 69930

Synopsis

The host is affected by multiple admin function cross-site request forgery vulnerabilities.

Description

According to its self-reported version number, the firmware installed on the remote host is affected by multiple admin function cross-site request forgery vulnerabilities.

Note that Nessus has not tested for the issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Blue Coat ProxyAV 3.2.6.1 or later.

See Also

https://kb.bluecoat.com/index?page=content&id=SA46

Plugin Details

Severity: High

ID: 69930

File Name: bluecoat_proxy_av_3_2_6_1.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 9/17/2013

Updated: 1/19/2021

Configuration: Enable paranoid mode

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:bluecoat:proxyav

Required KB Items: Settings/ParanoidReport, www/bluecoat_proxyav

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/19/2010

Vulnerability Publication Date: 6/19/2010

Reference Information

CVE: CVE-2010-5191

BID: 44385