CVE-2015-2855
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138.
Affected (4)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.8.3 |
| Running on/with | Platform Versions |
|---|---|
Blue Coat Ssl Visibility Appliance Sv800 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.8.3 |
| Running on/with | Platform Versions |
|---|---|
Blue Coat Ssl Visibility Appliance Sv1800 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.8.3 |
| Running on/with | Platform Versions |
|---|---|
Blue Coat Ssl Visibility Appliance Sv3800 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.8.3 |
| Running on/with | Platform Versions |
|---|---|
Blue Coat Ssl Visibility Appliance Sv2800 | All versions |
References (6)
Source: cret@cert.org
Third Party AdvisoryUS Government Resource
Source: cret@cert.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.