Blue Coat ProxySG SGOS HTTP Proxy Arbitrary Port Connection
Remote / Network Access
Loss of Integrity
ProxySG SGOS contains a flaw that may allow a remote malicious user to bypass proxy restrictions. The issue is triggered when the proxy processes a "CONNECT" method sent to an arbitrary port. It is possible that the flaw may result in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue, though the vendor has announced that it will be fixed in a future version, 4.1.4. It is possible to correct the flaw by implementing the following workaround: write a Visual Policy Manager rule that blocks the CONNECT method to any port other than 443.
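To confirm the workaround is in effect, proxy access logs can be audited for CONNECT requests to ports other than 443. The following is an added example, not vendor code: the log format, `SAMPLE_LOG` and the function name `audit_connect` are constructed assumptions and do not reflect the ProxySG log layout.

```python
import re

ALLOWED_PORTS = {443}  # the workaround permits CONNECT to port 443 only

# Constructed log format (assumption): client IP, quoted request line, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>\S+) (?P<target>\S+) HTTP/\d\.\d" (?P<status>\d{3})$')
# CONNECT uses authority-form: host:port, with IPv6 literals in brackets.
AUTHORITY_RE = re.compile(
    r'^(?P<host>\[[0-9A-Fa-f:.]+\]|[^:\[\]/]+):(?P<port>\d{1,5})$')

# Constructed sample data, not taken from a real device.
SAMPLE_LOG = """\
10.0.0.5 "CONNECT shop.example.com:443 HTTP/1.1" 200
10.0.0.7 "CONNECT mail.example.net:25 HTTP/1.1" 200
10.0.0.7 "GET http://www.example.org:8080/ HTTP/1.1" 200
10.0.0.9 "CONNECT [2001:db8::10]:22 HTTP/1.1" 200
10.0.0.9 "CONNECT internal.example.net HTTP/1.1" 400
10.0.0.5 "CONNECT mail.example.net:25 HTTP/1.1" 403
"""

def audit_connect(log_text, allowed_ports=ALLOWED_PORTS):
    """Return findings for CONNECT requests that the workaround should block."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "CONNECT":
            continue  # only tunnel requests are in scope
        a = AUTHORITY_RE.match(m["target"])
        port = int(a["port"]) if a else None  # None: missing or malformed port
        if port in allowed_ports:
            continue
        status = int(m["status"])
        # 2xx means the proxy opened the tunnel: the rule is missing or bypassed.
        verdict = "TUNNEL_OPENED" if 200 <= status < 300 else "refused"
        findings.append((lineno, m["client"], m["target"], port, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_connect(SAMPLE_LOG):
        print(finding)
```

Entries marked `TUNNEL_OPENED` are the ones to investigate; `refused` entries show the blocking rule doing its job.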