Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2397

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2397
Last Modified 05 Sep 2008 04:44:01
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2397

Summary

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.

Vulnerable Systems

Operating System

  • Bluecoat Security Gateway Os 3.0

  • Bluecoat Security Gateway Os 3.1

  • Bluecoat Security Gateway Os 3.1.2

  • Bluecoat Security Gateway Os 3.1.2.2

  • Bluecoat Security Gateway Os 3.1.3.13

  • Bluecoat Security Gateway Os 3.1.3.2

  • Bluecoat Security Gateway Os 3.1.3.7

  • Bluecoat Security Gateway Os 3.2.1


References

XF - bluecoat-sgos-key-plaintext(16182)

BID - 10371

CONFIRM - http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html

SECUNIA - 11627

OSVDB - 6218


Last Updated: 27 May 2016 10:39:28