CVE-2015-2855

2015-05-3019:59:07

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

73.0%

JSON

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator’s cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138.

Affected configurations

Nvd

Node

blue_coatssl_visibility_appliance_sv800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv800Match-

Node

blue_coatssl_visibility_appliance_sv1800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv1800Match-

Node

blue_coatssl_visibility_appliance_sv3800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv3800Match-

Node

blue_coatssl_visibility_appliance_sv2800_firmwareRange≤3.8.3

AND

blue_coatssl_visibility_appliance_sv2800Match-

VendorProductVersionCPE
blue_coatssl_visibility_appliance_sv800_firmware*cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv800-cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv1800_firmware*cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv1800-cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv3800_firmware*cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv3800-cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv2800_firmware*cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*
blue_coatssl_visibility_appliance_sv2800-cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blue_coat	ssl_visibility_appliance_sv800_firmware	*	cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware::::::::
blue_coat	ssl_visibility_appliance_sv800	-	cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:::::::*
blue_coat	ssl_visibility_appliance_sv1800_firmware	*	cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware::::::::
blue_coat	ssl_visibility_appliance_sv1800	-	cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:::::::*
blue_coat	ssl_visibility_appliance_sv3800_firmware	*	cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware::::::::
blue_coat	ssl_visibility_appliance_sv3800	-	cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:::::::*
blue_coat	ssl_visibility_appliance_sv2800_firmware	*	cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware::::::::
blue_coat	ssl_visibility_appliance_sv2800	-	cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:::::::*