The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.
References
| Link | Resource |
|---|---|
| https://bto.bluecoat.com/security-advisory/sa96 | Vendor Advisory |
| http://www.kb.cert.org/vuls/id/498348 | Third Party Advisory US Government Resource |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Information
Published : 2015-05-30 12:59
Updated : 2015-06-02 07:24
NVD link : CVE-2015-4138
Mitre link : CVE-2015-4138
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Advertisement
Products Affected
blue_coat
- ssl_visibility_appliance_sv1800_firmware
- ssl_visibility_appliance_sv2800_firmware
- ssl_visibility_appliance_sv800
- ssl_visibility_appliance_sv3800_firmware
- ssl_visibility_appliance_sv3800
- ssl_visibility_appliance_sv2800
- ssl_visibility_appliance_sv1800
- ssl_visibility_appliance_sv800_firmware