CVE-2004-2397

Sažetak

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.

Reference

http://secunia.com/advisories/11627
http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html
http://www.osvdb.org/6218
http://www.securityfocus.com/bid/10371
https://exchange.xforce.ibmcloud.com/vulnerabilities/16182

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2024 - 16:17

Objavljeno

31-12-2004 - 05:00