4.3
CVE-2015-2854
- EPSS 1.41%
- Veröffentlicht 30.05.2015 19:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginThe WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Blue Coat ≫ Ssl Visibility Appliance Sv800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv1800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv2800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv3800 Firmware Version <= 3.8.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.41% | 0.692 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.kb.cert.org/vuls/id/498348
http://www.securityfocus.com/bid/74921
https://bto.bluecoat.com/security-advisory/sa96