Lucene search

[email protected]CVE-2015-0961

HistoryMay 25, 2015 - 10:59 p.m.

CVE-2015-0961

2015-05-2522:59:02

[email protected]

web.nvd.nist.gov

barracuda

web filter

ssl inspection

cve-2015-0961

security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.2%

JSON

Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected configurations

NVD

Node

barracudaweb_filterRange≤8.0.003

CPENameOperatorVersion
barracuda:web_filterbarracuda web filterle8.0.003

CPE	Name	Operator	Version
barracuda:web_filter	barracuda web filter	le	8.0.003

References

www.kb.cert.org/vuls/id/534407

blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/

techlib.barracuda.com/BWF/UpdateSSLCerts

www.barracuda.com/support/techalerts

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.2%

JSON

Related for CVE-2015-0961

prion1 nvd1 cvelist1 openvas1 cert1