Details of VAR-201505-0108

ID

VAR-201505-0108

CVE

CVE-2015-2852

TITLE

Blue Coat SSL Visibility Appliance contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#498348

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. The appliance provides features such as a dedicated encrypted traffic management platform, easy-to-use policy enforcement points, and an adaptive security solution. Successfully exploiting these vulnerabilities will allow attackers to perform certain unauthorized actions, hijack an arbitrary session, gain access to the sensitive information or compromise the affected application. Other attacks are also possible. It is the core of encrypted traffic management, can provide visibility to SSL traffic, and supports the addition of SSL inspection functions to advanced threat protection solutions programs and existing network security architecture. A remote attacker could exploit this vulnerability to perform unauthorized operations

Trust: 3.24

sources: NVD: CVE-2015-2852 // CERT/CC: VU#498348 // JVNDB: JVNDB-2015-002884 // CNVD: CNVD-2015-03562 // BID: 74921 // VULHUB: VHN-80813

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03562

AFFECTED PRODUCTS

vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	lte	version:	3.8.3	Trust: 1.0
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	lte	version:	3.8.3	Trust: 1.0
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	lte	version:	3.8.3	Trust: 1.0
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	lte	version:	3.8.3	Trust: 1.0
vendor:	blue coat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	eq	version:	3.6.x from 3.8.4	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	lt	version:	3.8.x	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	lt	version:	3.8.x	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	eq	version:	3.6.x from 3.8.4	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	eq	version:	3.6.x from 3.8.4	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	lt	version:	3.8.x	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	eq	version:	3.6.x from 3.8.4	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	lt	version:	3.8.x	Trust: 0.8
vendor:	blue	model:	coat ssl visibility appliance sv800	scope:	-	version:	-	Trust: 0.6
vendor:	blue	model:	coat ssl visibility appliance sv3800	scope:	eq	version:	(3.6.x-3.8.x)<3.8.4	Trust: 0.6
vendor:	blue	model:	coat ssl visibility appliance sv2800	scope:	-	version:	-	Trust: 0.6
vendor:	blue	model:	coat ssl visibility appliance sv1800	scope:	-	version:	-	Trust: 0.6
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	eq	version:	3.8.3	Trust: 0.6
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	eq	version:	3.8.3	Trust: 0.6
vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	eq	version:	3.8.3	Trust: 0.6
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	eq	version:	3.8.3	Trust: 0.6
vendor:	bluecoat	model:	sv800	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	bluecoat	model:	sv800	scope:	eq	version:	3.6	Trust: 0.3
vendor:	bluecoat	model:	sv3800	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	bluecoat	model:	sv3800	scope:	eq	version:	3.6	Trust: 0.3
vendor:	bluecoat	model:	sv2800	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	bluecoat	model:	sv2800	scope:	eq	version:	3.6	Trust: 0.3
vendor:	bluecoat	model:	sv1800	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	bluecoat	model:	sv1800	scope:	eq	version:	3.6	Trust: 0.3
vendor:	bluecoat	model:	sv800	scope:	ne	version:	3.8.4	Trust: 0.3
vendor:	bluecoat	model:	sv3800	scope:	ne	version:	3.8.4	Trust: 0.3
vendor:	bluecoat	model:	sv2800	scope:	ne	version:	3.8.4	Trust: 0.3
vendor:	bluecoat	model:	sv1800	scope:	ne	version:	3.8.4	Trust: 0.3

sources: CERT/CC: VU#498348 // CNVD: CNVD-2015-03562 // BID: 74921 // JVNDB: JVNDB-2015-002884 // CNNVD: CNNVD-201505-603 // NVD: CVE-2015-2852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-2852
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-2852
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03562
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201505-603
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-80813
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-2852
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03562
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-80813
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03562 // VULHUB: VHN-80813 // JVNDB: JVNDB-2015-002884 // CNNVD: CNNVD-201505-603 // NVD: CVE-2015-2852

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-80813 // JVNDB: JVNDB-2015-002884 // NVD: CVE-2015-2852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-603

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201505-603

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002884

PATCH

title:	SA96	url:	https://bto.bluecoat.com/security-advisory/sa96	Trust: 0.8
title:	Patches for Cross-Site Request Forgery Vulnerabilities in Several Blue Coat Systems SSL Visibility Appliance Products	url:	https://www.cnvd.org.cn/patchInfo/show/59273	Trust: 0.6

sources: CNVD: CNVD-2015-03562 // JVNDB: JVNDB-2015-002884

EXTERNAL IDS

db:	CERT/CC	id:	VU#498348	Trust: 4.2
db:	NVD	id:	CVE-2015-2852	Trust: 3.4
db:	BID	id:	74921	Trust: 2.0
db:	JVN	id:	JVNVU97084421	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002884	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-603	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03562	Trust: 0.6
db:	VULHUB	id:	VHN-80813	Trust: 0.1

sources: CERT/CC: VU#498348 // CNVD: CNVD-2015-03562 // VULHUB: VHN-80813 // BID: 74921 // JVNDB: JVNDB-2015-002884 // CNNVD: CNNVD-201505-603 // NVD: CVE-2015-2852

REFERENCES

url:	http://www.kb.cert.org/vuls/id/498348	Trust: 3.4
url:	https://bto.bluecoat.com/security-advisory/sa96	Trust: 2.5
url:	http://www.securityfocus.com/bid/74921	Trust: 1.1
url:	https://bto.bluecoat.com/news/ssl-visibility-v3.8.4-released	Trust: 0.8
url:	https://fishnetsecurity.com/6labs/blog/vulnerabilities-bluecoat-ssl-visibility-appliances	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/352.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/384.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/20.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2852	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97084421/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2852	Trust: 0.8
url:	https://www.bluecoat.com/products/ssl-visibility-appliance	Trust: 0.3

sources: CERT/CC: VU#498348 // CNVD: CNVD-2015-03562 // VULHUB: VHN-80813 // BID: 74921 // JVNDB: JVNDB-2015-002884 // CNNVD: CNNVD-201505-603 // NVD: CVE-2015-2852

CREDITS

Tim MalcomVetter of FishNet Security

Trust: 0.3

sources: BID: 74921

SOURCES

db:	CERT/CC	id:	VU#498348
db:	CNVD	id:	CNVD-2015-03562
db:	VULHUB	id:	VHN-80813
db:	BID	id:	74921
db:	JVNDB	id:	JVNDB-2015-002884
db:	CNNVD	id:	CNNVD-201505-603
db:	NVD	id:	CVE-2015-2852

LAST UPDATE DATE

2025-04-13T23:23:45.249000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#498348	date:	2015-06-02T00:00:00
db:	CNVD	id:	CNVD-2015-03562	date:	2015-06-09T00:00:00
db:	VULHUB	id:	VHN-80813	date:	2016-12-03T00:00:00
db:	BID	id:	74921	date:	2015-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002884	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-603	date:	2015-06-01T00:00:00
db:	NVD	id:	CVE-2015-2852	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#498348	date:	2015-05-29T00:00:00
db:	CNVD	id:	CNVD-2015-03562	date:	2015-06-04T00:00:00
db:	VULHUB	id:	VHN-80813	date:	2015-05-30T00:00:00
db:	BID	id:	74921	date:	2015-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002884	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-603	date:	2015-05-30T00:00:00
db:	NVD	id:	CVE-2015-2852	date:	2015-05-30T19:59:04.897