Vulnerability Description
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Barracuda | Web Filter | 7.0 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/534407Third Party AdvisoryUS Government Resource
- https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-Vendor Advisory
- https://techlib.barracuda.com/BWF/UpdateSSLCertsVendor Advisory
- https://www.barracuda.com/support/techalertsVendor Advisory
- http://www.kb.cert.org/vuls/id/534407Third Party AdvisoryUS Government Resource
- https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-Vendor Advisory
- https://techlib.barracuda.com/BWF/UpdateSSLCertsVendor Advisory
- https://www.barracuda.com/support/techalertsVendor Advisory
FAQ
What is CVE-2015-0962?
CVE-2015-0962 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easi...
How severe is CVE-2015-0962?
CVE-2015-0962 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0962?
Check the references section above for vendor advisories and patch information. Affected products include: Barracuda Web Filter.