CVE-2015-1454 Information

Description

Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates which allows man-in-the-middle attackers to spoof ProxySG Client Managers and consequently modify configurations and execute arbitrary software updates via a crafted certificate.

Reference

http://secunia.com/advisories/62617 https://bto.bluecoat.com/security-advisory/sa89