CVE-2004-2397

HIGH7.5

The web-based Management Console in Blue Coat Security Gateway OS 3

Published Aug 17, 2005

Modified 1 years ago

Details

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.

References

ADVISORY

http://secunia.com/advisories/11627

WEB

http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html

WEB

http://www.osvdb.org/6218

WEB

http://www.securityfocus.com/bid/10371

WEB

https://exchange.xforce.ibmcloud.com/vulnerabilities/16182

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2004-2397

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Ecosystems

Timeline

PublishedAug 17, 2005

ModifiedAug 8, 2024