Blue Coat has acknowledged multiple vulnerabilities in Blue Coat Director, which can be exploited by malicious people to gain access to sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

1) An error exists in the bundled version of OpenSSL.

For more information:
SA8720

2) Multiple errors exists in the bundled version of Apache HTTP Server.

For more information:
SA30621
SA31384
SA36549
SA36675
SA38852

3) Certain unspecified input related to HTTP TRACE requests is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 5.5.2.3.

Solution
Apply interim fixes. Please see the vendor's advisories for details.

Provided and/or discovered by
3) Reported by the vendor.

Changelog
Further details available to Secunia VIM customers

Original Advisory
https://kb.bluecoat.com/index?page=content&id=SA61
https://kb.bluecoat.com/index?page=content&id=SA62
https://kb.bluecoat.com/index?page=content&id=SA63

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers