Lucene search

CertccCVE-2015-0962

HistoryMay 25, 2015 - 10:59 p.m.

CVE-2015-0962

2015-05-2522:59:04

CWE-18

certcc

web.nvd.nist.gov

barracuda

web filter

ssl inspection

vulnerability

cve-2015-0962

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers’ installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate’s trust relationship.

Affected configurations

Nvd

Node

barracudaweb_filterMatch7.0

barracudaweb_filterMatch7.0.1

barracudaweb_filterMatch7.1.0

barracudaweb_filterMatch8.0

barracudaweb_filterMatch8.0.002

barracudaweb_filterMatch8.0.003

VendorProductVersionCPE
barracudaweb_filter7.0cpe:2.3:a:barracuda:web_filter:7.0:*:*:*:*:*:*:*
barracudaweb_filter7.0.1cpe:2.3:a:barracuda:web_filter:7.0.1:*:*:*:*:*:*:*
barracudaweb_filter7.1.0cpe:2.3:a:barracuda:web_filter:7.1.0:*:*:*:*:*:*:*
barracudaweb_filter8.0cpe:2.3:a:barracuda:web_filter:8.0:*:*:*:*:*:*:*
barracudaweb_filter8.0.002cpe:2.3:a:barracuda:web_filter:8.0.002:*:*:*:*:*:*:*
barracudaweb_filter8.0.003cpe:2.3:a:barracuda:web_filter:8.0.003:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barracuda	web_filter	7.0	cpe:2.3:a:barracuda:web_filter:7.0:::::::*
barracuda	web_filter	7.0.1	cpe:2.3:a:barracuda:web_filter:7.0.1:::::::*
barracuda	web_filter	7.1.0	cpe:2.3:a:barracuda:web_filter:7.1.0:::::::*
barracuda	web_filter	8.0	cpe:2.3:a:barracuda:web_filter:8.0:::::::*
barracuda	web_filter	8.0.002	cpe:2.3:a:barracuda:web_filter:8.0.002:::::::*
barracuda	web_filter	8.0.003	cpe:2.3:a:barracuda:web_filter:8.0.003:::::::*

References

www.kb.cert.org/vuls/id/534407

blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/

techlib.barracuda.com/BWF/UpdateSSLCerts

www.barracuda.com/support/techalerts

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

Related for CVE-2015-0962