The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sgos | Bluecoat | * | 4.3.4 (including) |
| Sgos | Bluecoat | 3.2.6 (including) | 3.2.6 (including) |
| Sgos | Bluecoat | 4.1.2.1 (including) | 4.1.2.1 (including) |
| Sgos | Bluecoat | 4.2.1.2 (including) | 4.2.1.2 (including) |
| Sgos | Bluecoat | 4.2.1.6 (including) | 4.2.1.6 (including) |
| Sgos | Bluecoat | 4.2.2 (including) | 4.2.2 (including) |
| Sgos | Bluecoat | 4.2.2.1 (including) | 4.2.2.1 (including) |
| Sgos | Bluecoat | 4.2.2.2 (including) | 4.2.2.2 (including) |
| Sgos | Bluecoat | 4.2.3 (including) | 4.2.3 (including) |
| Sgos | Bluecoat | 4.2.3.4 (including) | 4.2.3.4 (including) |
| Sgos | Bluecoat | 4.2.3.7 (including) | 4.2.3.7 (including) |
| Sgos | Bluecoat | 4.2.3.12 (including) | 4.2.3.12 (including) |
| Sgos | Bluecoat | 4.2.3.21 (including) | 4.2.3.21 (including) |
| Sgos | Bluecoat | 4.2.3.26 (including) | 4.2.3.26 (including) |
| Sgos | Bluecoat | 4.2.4.1 (including) | 4.2.4.1 (including) |
| Sgos | Bluecoat | 4.2.5 (including) | 4.2.5 (including) |
| Sgos | Bluecoat | 4.2.5.1 (including) | 4.2.5.1 (including) |
| Sgos | Bluecoat | 4.2.6 (including) | 4.2.6 (including) |
| Sgos | Bluecoat | 4.2.6.1 (including) | 4.2.6.1 (including) |
| Sgos | Bluecoat | 4.2.6.4 (including) | 4.2.6.4 (including) |
| Sgos | Bluecoat | 4.2.7.1 (including) | 4.2.7.1 (including) |
| Sgos | Bluecoat | 5.2.2.4 (including) | 5.2.2.4 (including) |
| Sgos | Bluecoat | 5.4.5 (including) | 5.4.5 (including) |
| Sgos | Bluecoat | 5.5.4 (including) | 5.5.4 (including) |
| Sgos | Bluecoat | 6.1.2 (including) | 6.1.2 (including) |
References
- https://kb.bluecoat.com/index?page=content\u0026id=SA48
- https://kb.bluecoat.com/index?page=content\u0026id=SA48