{"api_version":"1","generated_at":"2026-04-23T02:57:53+00:00","cve":"CVE-2015-8597","urls":{"html":"https://cve.report/CVE-2015-8597","api":"https://cve.report/api/cve/CVE-2015-8597.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-8597","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-8597"},"summary":{"title":"CVE-2015-8597","description":"Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\"","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2016-01-08 19:59:00","updated_at":"2016-01-13 19:17:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://bto.bluecoat.com/security-advisory/sa107","name":"https://bto.bluecoat.com/security-advisory/sa107","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Broadcom Support Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/","name":"http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/","refsource":"MISC","tags":["Exploit"],"title":"Knowit Secure säkrar BlueCoat | Knowit Secures Blogg","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1034506","name":"1034506","refsource":"SECTRACK","tags":[],"title":"Blue Coat ProxySG Open Redirect Flaw in Coaching Page Lets Remote Users Redirect the Target User's Browser to an Arbitrary Site - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-8597","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8597","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"8597","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluecoat","cpe5":"advanced_secure_gateway","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"8597","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluecoat","cpe5":"advanced_secure_gateway","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"8597","vulnerable":"1","versionEndIncluding":"6.5.8.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluecoat","cpe5":"proxysg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-8597","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://bto.bluecoat.com/security-advisory/sa107","refsource":"CONFIRM","url":"https://bto.bluecoat.com/security-advisory/sa107"},{"name":"http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/","refsource":"MISC","url":"http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat/"},{"name":"1034506","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1034506"}]}},"nvd":{"publishedDate":"2016-01-08 19:59:00","lastModifiedDate":"2016-01-13 19:17:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bluecoat:proxysg:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5.8.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bluecoat:advanced_secure_gateway:6.6:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"8597","Ordinal":"86550","Title":"CVE-2015-8597","CVE":"CVE-2015-8597","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"8597","Ordinal":"1","NoteData":"Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a \"clear text\" one in a coaching page, as demonstrated by \"http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%.\"","Type":"Description","Title":null},{"CveYear":"2015","CveId":"8597","Ordinal":"2","NoteData":"2016-01-08","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"8597","Ordinal":"3","NoteData":"2016-01-08","Type":"Other","Title":"Modified"}]}}}