1. CVE-Search
  2. CVE-2015-2853
ID CVE-2015-2853
Summary Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID. <a href="http://cwe.mitre.org/data/definitions/384.html">CWE-384: Session Fixation</a>
References
Vulnerable Configurations
  • cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:*:*:*:*:*:*:*
    cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:*:*:*:*:*:*:*
  • cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:*:*:*:*:*:*:*
    cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:*:*:*:*:*:*:*
  • cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:*:*:*:*:*:*:*
    cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:*:*:*:*:*:*:*
  • cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:*:*:*:*:*:*:*
    cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-12-2016 - 03:07)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 74921
cert-vn VU#498348
confirm https://bto.bluecoat.com/security-advisory/sa96
Last major update 03-12-2016 - 03:07
Published 30-05-2015 - 19:59
Last modified 03-12-2016 - 03:07
Back to Top