Blue Coat Systems错误页面跨站脚本攻击（XSS）漏洞

漏洞信息详情

Blue Coat Systems错误页面跨站脚本攻击（XSS）漏洞

• CNNVD编号：CNNVD-200210-048
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1060
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2002-10-04
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-11-07
  
• 厂        商：
  
  bluecoat
• 漏洞来源：
  Vulnerability anno…

Client Accelerator 4.1.06版本，Security Gateway 2.1.02，以及Server Accelerator 4.1.06版本的Blue Coat Systems（原来的CacheFlow）存在跨站脚本攻击（XSS）漏洞。远程攻击者可以借助一个包含HTML且不存在主机名称的URL注入任意web脚本或HTML，该漏洞可以插入在产生的错误页面中。

For users that are capable of upgrading vulnerable systems, the vendor has made fixed versions of firmware available. The vendor advises upgrading to the fixed versions specified in the referenced vendor advisory.
CacheFlow Client Accelerator 4.1 .06

• Blue Coat Systems CA4-error-pages.zipClient Accelerator Versions 4.0.xx
  
  http://download.cacheflow.com/release/CA/4.0.00-docs/CA4-error-pages.z
  ip
• Blue Coat Systems v3.1-error-pages.zipClient Accelerator Versions 3.1.xx
  
  http://download.cacheflow.com/release/CA/3.1.00-docs/v3.1-error-pages.
  zip

CacheFlow Server Accelerator 4.1 .06

• Blue Coat Systems SA4-error-pages.zipServer Accelerator Versions 4.0.xx
  
  http://download.cacheflow.com/release/SA/4.0.00-docs/SA4-error-pages.z
  ip

来源: BID
名称: 5305
链接:http://www.securityfocus.com/bid/5305

来源: XF
名称: cacheos-unresolved-error-xss(9674)
链接:http://www.iss.net/security_center/static/9674.php

来源: BID
名称: 5608
链接:http://www.securityfocus.com/bid/5608

来源: download.cacheflow.com
链接:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm

来源: BUGTRAQ
名称: 20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html