The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Blue Coat CAS

computer vulnerability alert CVE-2018-8020

Apache Tomcat Native: privilege escalation via Revoked Client Certificates

Synthesis of the vulnerability

An attacker can bypass restrictions via Revoked Client Certificates of Apache Tomcat Native, in order to escalate his privileges.
Impacted products: Blue Coat CAS, Debian, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 16/08/2018.
Identifiers: CVE-2018-8020, DLA-1475-1, RHSA-2018:2469-01, RHSA-2018:2470-01, SUSE-SU-2019:14014-1, SYMSA1463, VIGILANCE-VUL-27026.

Description of the vulnerability

An attacker can bypass restrictions via Revoked Client Certificates of Apache Tomcat Native, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-8019

Apache Tomcat Native: privilege escalation via Revoked Client Certificates

Synthesis of the vulnerability

An attacker can bypass restrictions via Revoked Client Certificates of Apache Tomcat Native, in order to escalate his privileges.
Impacted products: Blue Coat CAS, Debian, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 16/08/2018.
Identifiers: CVE-2018-8019, DLA-1475-1, RHSA-2018:2469-01, RHSA-2018:2470-01, SUSE-SU-2019:14014-1, SYMSA1463, VIGILANCE-VUL-27025.

Description of the vulnerability

An attacker can bypass restrictions via Revoked Client Certificates of Apache Tomcat Native, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-15473

OpenSSH: information disclosure via Username Enumeration

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Username Enumeration of OpenSSH, in order to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, AIX, McAfee Web Gateway, Data ONTAP, OpenSSH, openSUSE Leap, Solaris, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 16/08/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-410, CVE-2018-15473, DLA-1474-1, DSA-4280-1, FEDORA-2018-065a7722ee, FEDORA-2018-f56ded11c4, NTAP-20181101-0001, openSUSE-SU-2018:3801-1, openSUSE-SU-2018:3946-1, RHSA-2019:0711-01, SB10267, SSB-439005, SUSE-SU-2018:3540-1, SUSE-SU-2018:3686-1, SUSE-SU-2018:3768-1, SUSE-SU-2018:3776-1, SUSE-SU-2018:3781-1, SUSE-SU-2018:3910-1, SYMSA1469, USN-3809-1, VIGILANCE-VUL-27016.

Description of the vulnerability

An attacker can bypass access restrictions to data via Username Enumeration of OpenSSH, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-8034

Apache Tomcat: Man-in-the-Middle via WebSocket Client

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via WebSocket Client on Apache Tomcat, in order to read or write data in the session.
Impacted products: Tomcat, Blue Coat CAS, Debian, Fedora, QRadar SIEM, openSUSE Leap, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 23/07/2018.
Identifiers: CERTFR-2018-AVI-584, CVE-2018-8034, DLA-1453-1, DLA-1491-1, DSA-4281-1, FEDORA-2018-b1832101b8, ibm10742719, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0450-01, RHSA-2019:0451-01, RHSA-2019:1159-01, RHSA-2019:1160-01, RHSA-2019:1161-01, RHSA-2019:1162-01, RHSA-2019:1529-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SYMSA1463, USN-3723-1, VIGILANCE-VUL-26817.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle via WebSocket Client on Apache Tomcat, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-1336

Apache Tomcat: infinite loop via UTF-8 Decoder

Synthesis of the vulnerability

An attacker can generate an infinite loop via UTF-8 Decoder of Apache Tomcat, in order to trigger a denial of service.
Impacted products: Tomcat, Blue Coat CAS, Debian, openSUSE Leap, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/07/2018.
Identifiers: CERTFR-2018-AVI-356, CVE-2018-1336, DLA-1491-1, DSA-4281-1, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2018:2700-01, RHSA-2018:2701-01, RHSA-2018:2740-01, RHSA-2018:2741-01, RHSA-2018:2742-01, RHSA-2018:2743-01, RHSA-2018:2921-01, RHSA-2018:2930-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SYMSA1463, USN-3723-1, VIGILANCE-VUL-26815.

Description of the vulnerability

An attacker can generate an infinite loop via UTF-8 Decoder of Apache Tomcat, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxyRA, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, AIX, IBM i, Rational ClearCase, QRadar SIEM, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.

Description of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-9092

Symantec Content Analysis: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Symantec Content Analysis, in order to force the victim to perform operations.
Impacted products: Blue Coat CAS, Symantec Content Analysis.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 18/05/2018.
Identifiers: CVE-2016-9092, SA149, VIGILANCE-VUL-26163.

Description of the vulnerability

The Symantec Content Analysis product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Symantec Content Analysis, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-0739

OpenSSL: denial of service via Recursive ASN.1

Synthesis of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, IBM i, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere MQ, MariaDB ~ precise, McAfee Email Gateway, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, RHEL, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 27/03/2018.
Identifiers: 2015887, 524146, bulletinjan2019, CERTFR-2018-AVI-155, cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-0739, DLA-1330-1, DSA-2018-125, DSA-4157-1, DSA-4158-1, FEDORA-2018-1b4f1158e2, FEDORA-2018-40dc8b8b16, FEDORA-2018-76afaf1961, FEDORA-2018-9490b422e7, ibm10715641, ibm10717211, ibm10717405, ibm10717409, ibm10719319, ibm10733605, ibm10738249, ibm10874728, K08044291, N1022561, openSUSE-SU-2018:0936-1, openSUSE-SU-2018:1057-1, openSUSE-SU-2018:2208-1, openSUSE-SU-2018:2238-1, openSUSE-SU-2018:2524-1, openSUSE-SU-2018:2695-1, PAN-SA-2018-0015, RHSA-2018:3090-01, RHSA-2018:3221-01, SA166, SB10243, SSA-181018, SUSE-SU-2018:0902-1, SUSE-SU-2018:0905-1, SUSE-SU-2018:0906-1, SUSE-SU-2018:0975-1, SUSE-SU-2018:2072-1, SUSE-SU-2018:2158-1, SUSE-SU-2018:2683-1, Synology-SA-18:51, USN-3611-1, USN-3611-2, VIGILANCE-VUL-25666.

Description of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-1301

Apache httpd: out-of-bounds memory reading via Request Reading Failure

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Request Reading Failure of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1301, DLA-1389-1, DSA-4164-1, FEDORA-2018-375e3244b6, K78131906, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, USN-3937-2, VIGILANCE-VUL-25638.

Description of the vulnerability

An attacker can force a read at an invalid address via Request Reading Failure of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-1303

Apache httpd: out-of-bounds memory reading via mod_cache_socache

Synthesis of the vulnerability

An attacker can force a read at an invalid address via mod_cache_socache of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Blue Coat CAS, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1303, DSA-4164-1, FEDORA-2018-375e3244b6, openSUSE-SU-2018:1198-1, RHSA-2018:3558-01, SUSE-SU-2018:0879-1, SUSE-SU-2018:0901-1, SYMSA1457, USN-3627-1, USN-3627-2, VIGILANCE-VUL-25636.

Description of the vulnerability

An attacker can force a read at an invalid address via mod_cache_socache of Apache httpd, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.