Blue Coat ProxyAV < 3.2.6.1 Multiple Admin Function CSRF

High Nessus Plugin ID 69930

Synopsis

The host is affected by multiple admin function cross-site request forgery vulnerabilities.

Description

According to its self-reported version number, the firmware installed on the remote host is affected by multiple admin function cross-site request forgery vulnerabilities.

Note that Nessus has not tested for the issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Blue Coat ProxyAV 3.2.6.1 or later.

See Also

https://kb.bluecoat.com/index?page=content&id=SA46

Plugin Details

Severity: High

ID: 69930

File Name: bluecoat_proxy_av_3_2_6_1.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 2013/09/17

Modified: 2018/06/13

Dependencies: 69929

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:bluecoat:proxyav

Required KB Items: Settings/ParanoidReport, www/bluecoat_proxyav

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/06/19

Vulnerability Publication Date: 2010/06/19

Reference Information

CVE: CVE-2010-5191

BID: 44385