Blue Coat ProxySG 6.5.x Multiple OpenSSL Vulnerabilities
Medium Nessus Plugin ID 76165
SynopsisThe remote device is potentially affected by multiple vulnerabilities.
DescriptionThe remote Blue Coat ProxySG device's SGOS self-reported version is 6.5 prior to 184.108.40.206 and, therefore, contains a bundled version of OpenSSL that contains multiple flaws. It is, therefore, potentially affected by the following vulnerabilities :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.
SolutionUpgrade to version 220.127.116.11 or later.