Details of VAR-201505-0111

ID

VAR-201505-0111

CVE

CVE-2015-2855

TITLE

Blue Coat SSL Visibility Appliance contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#498348

DESCRIPTION

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. It is the core of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL checking to advanced threat protection solutions. The solution and the existing network security architecture. Successfully exploiting these vulnerabilities will allow attackers to perform certain unauthorized actions, hijack an arbitrary session, gain access to the sensitive information or compromise the affected application. Other attacks are also possible

Trust: 3.24

sources: NVD: CVE-2015-2855 // CERT/CC: VU#498348 // JVNDB: JVNDB-2015-002885 // CNVD: CNVD-2015-03629 // BID: 74921 // VULHUB: VHN-80816

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03629

AFFECTED PRODUCTS

vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	lte	version:	3.8.3	Trust: 1.0
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	lte	version:	3.8.3	Trust: 1.0
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	lte	version:	3.8.3	Trust: 1.0
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	lte	version:	3.8.3	Trust: 1.0
vendor:	blue coat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	eq	version:	3.6.x from 3.8.4	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	lt	version:	3.8.x	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	lt	version:	3.8.x	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	eq	version:	3.6.x from 3.8.4	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	eq	version:	3.6.x from 3.8.4	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	lt	version:	3.8.x	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	eq	version:	3.6.x from 3.8.4	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	lt	version:	3.8.x	Trust: 0.8
vendor:	blue	model:	coat ssl visibility appliance sv800	scope:	-	version:	-	Trust: 0.6
vendor:	blue	model:	coat ssl visibility appliance sv3800	scope:	eq	version:	(3.6.x-3.8.x)<3.8.4	Trust: 0.6
vendor:	blue	model:	coat ssl visibility appliance sv2800	scope:	-	version:	-	Trust: 0.6
vendor:	blue	model:	coat ssl visibility appliance sv1800	scope:	-	version:	-	Trust: 0.6
vendor:	blue coat	model:	ssl visibility appliance sv800	scope:	eq	version:	3.8.3	Trust: 0.6
vendor:	blue coat	model:	ssl visibility appliance sv2800	scope:	eq	version:	3.8.3	Trust: 0.6
vendor:	blue coat	model:	ssl visibility appliance sv1800	scope:	eq	version:	3.8.3	Trust: 0.6
vendor:	blue coat	model:	ssl visibility appliance sv3800	scope:	eq	version:	3.8.3	Trust: 0.6
vendor:	bluecoat	model:	sv800	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	bluecoat	model:	sv800	scope:	eq	version:	3.6	Trust: 0.3
vendor:	bluecoat	model:	sv3800	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	bluecoat	model:	sv3800	scope:	eq	version:	3.6	Trust: 0.3
vendor:	bluecoat	model:	sv2800	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	bluecoat	model:	sv2800	scope:	eq	version:	3.6	Trust: 0.3
vendor:	bluecoat	model:	sv1800	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	bluecoat	model:	sv1800	scope:	eq	version:	3.6	Trust: 0.3
vendor:	bluecoat	model:	sv800	scope:	ne	version:	3.8.4	Trust: 0.3
vendor:	bluecoat	model:	sv3800	scope:	ne	version:	3.8.4	Trust: 0.3
vendor:	bluecoat	model:	sv2800	scope:	ne	version:	3.8.4	Trust: 0.3
vendor:	bluecoat	model:	sv1800	scope:	ne	version:	3.8.4	Trust: 0.3

sources: CERT/CC: VU#498348 // CNVD: CNVD-2015-03629 // BID: 74921 // JVNDB: JVNDB-2015-002885 // CNNVD: CNNVD-201505-606 // NVD: CVE-2015-2855

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-2855
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-2855
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03629
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201505-606
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-80816
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-2855
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03629
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-80816
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03629 // VULHUB: VHN-80816 // JVNDB: JVNDB-2015-002885 // CNNVD: CNNVD-201505-606 // NVD: CVE-2015-2855

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-80816 // JVNDB: JVNDB-2015-002885 // NVD: CVE-2015-2855

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-606

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201505-606

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002885

PATCH

title:	SA96	url:	https://bto.bluecoat.com/security-advisory/sa96	Trust: 0.8
title:	Patches for various Blue Coat Systems SSL Visibility Appliance product information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/59400	Trust: 0.6

sources: CNVD: CNVD-2015-03629 // JVNDB: JVNDB-2015-002885

EXTERNAL IDS

db:	CERT/CC	id:	VU#498348	Trust: 4.2
db:	NVD	id:	CVE-2015-2855	Trust: 3.4
db:	BID	id:	74921	Trust: 2.0
db:	JVN	id:	JVNVU97084421	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002885	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-606	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03629	Trust: 0.6
db:	VULHUB	id:	VHN-80816	Trust: 0.1

sources: CERT/CC: VU#498348 // CNVD: CNVD-2015-03629 // VULHUB: VHN-80816 // BID: 74921 // JVNDB: JVNDB-2015-002885 // CNNVD: CNNVD-201505-606 // NVD: CVE-2015-2855

REFERENCES

url:	http://www.kb.cert.org/vuls/id/498348	Trust: 3.4
url:	https://bto.bluecoat.com/security-advisory/sa96	Trust: 2.5
url:	http://www.securityfocus.com/bid/74921	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2855	Trust: 1.4
url:	https://bto.bluecoat.com/news/ssl-visibility-v3.8.4-released	Trust: 0.8
url:	https://fishnetsecurity.com/6labs/blog/vulnerabilities-bluecoat-ssl-visibility-appliances	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/352.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/384.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/20.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2855	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97084421/index.html	Trust: 0.8
url:	https://www.bluecoat.com/products/ssl-visibility-appliance	Trust: 0.3

sources: CERT/CC: VU#498348 // CNVD: CNVD-2015-03629 // VULHUB: VHN-80816 // BID: 74921 // JVNDB: JVNDB-2015-002885 // CNNVD: CNNVD-201505-606 // NVD: CVE-2015-2855

CREDITS

Tim MalcomVetter of FishNet Security

Trust: 0.3

sources: BID: 74921

SOURCES

db:	CERT/CC	id:	VU#498348
db:	CNVD	id:	CNVD-2015-03629
db:	VULHUB	id:	VHN-80816
db:	BID	id:	74921
db:	JVNDB	id:	JVNDB-2015-002885
db:	CNNVD	id:	CNNVD-201505-606
db:	NVD	id:	CVE-2015-2855

LAST UPDATE DATE

2025-04-13T23:23:45.177000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#498348	date:	2015-06-02T00:00:00
db:	CNVD	id:	CNVD-2015-03629	date:	2015-06-09T00:00:00
db:	VULHUB	id:	VHN-80816	date:	2016-12-03T00:00:00
db:	BID	id:	74921	date:	2015-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002885	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-606	date:	2015-06-05T00:00:00
db:	NVD	id:	CVE-2015-2855	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#498348	date:	2015-05-29T00:00:00
db:	CNVD	id:	CNVD-2015-03629	date:	2015-06-08T00:00:00
db:	VULHUB	id:	VHN-80816	date:	2015-05-30T00:00:00
db:	BID	id:	74921	date:	2015-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002885	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-606	date:	2015-05-30T00:00:00
db:	NVD	id:	CVE-2015-2855	date:	2015-05-30T19:59:07.847