The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.
References
| Link | Resource |
|---|---|
| http://www.kb.cert.org/vuls/id/498348 | Third Party Advisory US Government Resource |
| https://bto.bluecoat.com/security-advisory/sa96 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
History
No history.
Information
Published : 2015-05-30 19:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-4138
Mitre link : CVE-2015-4138
CVE.ORG link : CVE-2015-4138
JSON object : View
Products Affected
blue_coat
- ssl_visibility_appliance_sv1800
- ssl_visibility_appliance_sv3800_firmware
- ssl_visibility_appliance_sv3800
- ssl_visibility_appliance_sv2800_firmware
- ssl_visibility_appliance_sv1800_firmware
- ssl_visibility_appliance_sv800_firmware
- ssl_visibility_appliance_sv800
- ssl_visibility_appliance_sv2800
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor