CVE-2015-2854

2015-05-3019:59:07

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.

Affected configurations

Nvd

Node

blue_coatssl_visibility_appliance_sv800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv800Match-

Node

blue_coatssl_visibility_appliance_sv1800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv1800Match-

Node

blue_coatssl_visibility_appliance_sv2800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv2800Match-

Node

blue_coatssl_visibility_appliance_sv3800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv3800Match-

VendorProductVersionCPE
blue_coatssl_visibility_appliance_sv800_firmware*cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv800-cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv1800_firmware*cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv1800-cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv2800_firmware*cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv2800-cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv3800_firmware*cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv3800-cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blue_coat	ssl_visibility_appliance_sv800_firmware	*	cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware::::::::
blue_coat	ssl_visibility_appliance_sv800	-	cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:::::::*
blue_coat	ssl_visibility_appliance_sv1800_firmware	*	cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware::::::::
blue_coat	ssl_visibility_appliance_sv1800	-	cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:::::::*
blue_coat	ssl_visibility_appliance_sv2800_firmware	*	cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware::::::::
blue_coat	ssl_visibility_appliance_sv2800	-	cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:::::::*
blue_coat	ssl_visibility_appliance_sv3800_firmware	*	cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware::::::::
blue_coat	ssl_visibility_appliance_sv3800	-	cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:::::::*