4.3
CVE-2015-2855
- EPSS 1.44%
- Veröffentlicht 30.05.2015 19:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginThe WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Blue Coat ≫ Ssl Visibility Appliance Sv800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv1800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv3800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv2800 Firmware Version <= 3.8.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.697 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.kb.cert.org/vuls/id/498348
http://www.securityfocus.com/bid/74921
https://bto.bluecoat.com/security-advisory/sa96