Lucene search

[email protected]CVE-2015-2854

HistoryMay 30, 2015 - 7:59 p.m.

CVE-2015-2854

2015-05-3019:59:07

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-2854

webui

blue coat

ssl visibility appliance

remote attackers

clickjacking

iframe

x-frame-options

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.

Affected configurations

NVD

Node

blue_coatssl_visibility_appliance_sv800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv800Match-

Node

blue_coatssl_visibility_appliance_sv1800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv1800Match-

Node

blue_coatssl_visibility_appliance_sv2800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv2800Match-

Node

blue_coatssl_visibility_appliance_sv3800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv3800Match-

CPENameOperatorVersion
blue_coat:ssl_visibility_appliance_sv800_firmwareblue coat ssl visibility appliance sv800 firmwarele3.8.3

CPE	Name	Operator	Version
blue_coat:ssl_visibility_appliance_sv800_firmware	blue coat ssl visibility appliance sv800 firmware	le	3.8.3

References

www.kb.cert.org/vuls/id/498348

www.securityfocus.com/bid/74921

bto.bluecoat.com/security-advisory/sa96

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for CVE-2015-2854

cvelist1 nvd1 prion1 cert1 symantec1