EUVD-2015-2940

Malware in sbrugna...

CVE-2015-4138

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive...

CVE-2015-2852

Cross-site request forgery CSRF vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators...

Design/Logic Flaw

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive...

CVE-2015-2853

CVE-2015-2853 is a session-fixation vulnerability in the WebUI of Blue Coat SSL Visibility Appliance (SV800, SV1800, SV2800, SV3800) affecting versions 3.6.x–3.8.x up to 3.8.4. The root cause is that the session ID is set before authentication and is not invalidated or changed after login, enabli...

CVE-2015-2852

Blue Coat SSL Visibility Appliance WebUI (SV800/SV1800/SV2800/SV3800; 3.6.x–3.8.x before 3.8.4) is affected by CVE-2015-2852, a CSRF flaw that lets an attacker hijack an administrator’s session by inducing a logged-in user to trigger a malicious request. Root cause is CSRF in the WebUI component,...