{"vuid":"VU#498348","idnumber":"498348","name":"Blue Coat SSL Visibility Appliance contains multiple vulnerabilities","keywords":["blue coat","ssl visibility","csrf","clickjacking","information exposure","xss","session fixation"],"overview":"Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities.","clean_desc":"Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities. CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2852 Blue Coat SSL Visibility Appliance contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. CWE-384: Session Fixation - CVE-2015-2853 A user's session ID is set prior to authentication, and is not invalidated or changed at the time of authentication. An attacker capable of obtaining or setting a session ID can hijack a victim user's session. CWE-20: Improper Input Validation - CVE-2015-2854 Blue Coat SSL Visibility Appliance does not enforce same origin policy in X-Frame-Options response headers. An attacker can conduct clickjacking attacks via a crafted web page. CWE-200: Information Exposure - CVE-2015-2855 Sensitive cookies do not have either the Secure or HttpOnly flags set. An attacker capable of sniffing network traffic can intercept or manipulate a victim user's session ID. The CVSS score reflects CVE-2015-2852. For more information about these issues, see FishNet Security's write-up.","impact":"A remote, unauthenticated attacker may be able to obtain another user's session ID, spoof a victim user's session, and perform actions with the same permissions of a victim user.","resolution":"Apply an update Blue Coat has released SSL Visibility version 3.8.4 to address these issues. Refer to the vendor's security advisory for more details.","workarounds":"","sysaffected":"","thanks":"Thanks to Tim MalcomVetter of FishNet Security for reporting this vulnerability.","author":"This document was written by Joel Land.","public":["https://bto.bluecoat.com/news/ssl-visibility-v3.8.4-released","https://bto.bluecoat.com/security-advisory/sa96","https://fishnetsecurity.com/6labs/blog/vulnerabilities-bluecoat-ssl-visibility-appliances","http://cwe.mitre.org/data/definitions/352.html","http://cwe.mitre.org/data/definitions/384.html","http://cwe.mitre.org/data/definitions/20.html","https://cwe.mitre.org/data/definitions/200.html","https://cwe.mitre.org/data/definitions/79.html"],"cveids":["CVE-2015-2852","CVE-2015-2853","CVE-2015-2854","CVE-2015-2855"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-04-07T19:58:09Z","publicdate":"2015-05-29T00:00:00Z","datefirstpublished":"2015-05-29T19:26:10Z","dateupdated":"2015-06-02T15:14:28Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5.3","cvss_environmentalscore":"4.00641675301744","cvss_environmentalvector":"CDP:N/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}