{"api_version":"1","generated_at":"2026-05-06T06:05:29+00:00","cve":"CVE-2016-9099","urls":{"html":"https://cve.report/CVE-2016-9099","api":"https://cve.report/api/cve/CVE-2016-9099.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-9099","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-9099"},"summary":{"title":"CVE-2016-9099","description":"Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.","state":"PUBLIC","assigner":"secure@symantec.com","published_at":"2017-05-11 14:30:00","updated_at":"2021-07-08 16:37:00"},"problem_types":["CWE-601"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/102455","name":"102455","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Symantec ProxySG and ASG CVE-2016-9099 Open Redirection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.symantec.com/security-center/network-protection-security-advisories/SA155","name":"https://www.symantec.com/security-center/network-protection-security-advisories/SA155","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Broadcom Support Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1040138","name":"1040138","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Blue Coat ProxySG Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks and Obtain Authentication Information - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-9099","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9099","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"advanced_secure_gateway","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"advanced_secure_gateway","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"symantec_proxysg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"symantec_proxysg","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"advanced_secure_gateway","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"advanced_secure_gateway","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"advanced_secure_gateway","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"advanced_secure_gateway","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"proxysg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"proxysg","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"proxysg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9099","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"proxysg","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@symantec.com","DATE_PUBLIC":"2018-01-09T00:00:00","ID":"CVE-2016-9099","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ASG","version":{"version_data":[{"version_value":"6.6"},{"version_value":"6.7 prior to 6.7.2.1"}]}},{"product_name":"ProxySG","version":{"version_data":[{"version_value":"6.5 prior to 6.5.10.6"},{"version_value":"6.6"},{"version_value":"6.7 prior to 6.7.2.1"}]}}]},"vendor_name":"Symantec Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Open redirection"}]}]},"references":{"reference_data":[{"name":"102455","refsource":"BID","url":"http://www.securityfocus.com/bid/102455"},{"name":"1040138","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040138"},{"name":"https://www.symantec.com/security-center/network-protection-security-advisories/SA155","refsource":"CONFIRM","url":"https://www.symantec.com/security-center/network-protection-security-advisories/SA155"}]}},"nvd":{"publishedDate":"2017-05-11 14:30:00","lastModifiedDate":"2021-07-08 16:37:00","problem_types":["CWE-601"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.7.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.5.10.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.7.2.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"9099","Ordinal":"95767","Title":"CVE-2016-9099","CVE":"CVE-2016-9099","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"9099","Ordinal":"1","NoteData":"Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"9099","Ordinal":"2","NoteData":"2017-05-11","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"9099","Ordinal":"3","NoteData":"2018-01-11","Type":"Other","Title":"Modified"}]}}}