CVE-2015-2854 — MEDIUM (4.3)

Q: How severe is CVE-2015-2854?

CVE-2015-2854 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-2854?

Check the references section above for vendor advisories and patch information. Affected products include: Blue Coat Ssl Visibility Appliance Sv800 Firmware, Blue Coat Ssl Visibility Appliance Sv800, Blue Coat Ssl Visibility Appliance Sv1800 Firmware, Blue Coat Ssl Visibility Appliance Sv1800, Blue Coat Ssl Visibility Appliance Sv2800 Firmware.

Vulnerability Description

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Blue Coat	Ssl Visibility Appliance Sv800 Firmware	<= 3.8.3
Blue Coat	Ssl Visibility Appliance Sv800	-
Blue Coat	Ssl Visibility Appliance Sv1800 Firmware	<= 3.8.3
Blue Coat	Ssl Visibility Appliance Sv1800	-
Blue Coat	Ssl Visibility Appliance Sv2800 Firmware	<= 3.8.3
Blue Coat	Ssl Visibility Appliance Sv2800	-
Blue Coat	Ssl Visibility Appliance Sv3800 Firmware	<= 3.8.3
Blue Coat	Ssl Visibility Appliance Sv3800	-

Related Weaknesses (CWE)

CWE-20

References

http://www.kb.cert.org/vuls/id/498348Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/74921
https://bto.bluecoat.com/security-advisory/sa96Vendor Advisory
http://www.kb.cert.org/vuls/id/498348Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/74921
https://bto.bluecoat.com/security-advisory/sa96Vendor Advisory

FAQ

What is CVE-2015-2854?

CVE-2015-2854 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remot...

How severe is CVE-2015-2854?

CVE-2015-2854 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-2854?

Check the references section above for vendor advisories and patch information. Affected products include: Blue Coat Ssl Visibility Appliance Sv800 Firmware, Blue Coat Ssl Visibility Appliance Sv800, Blue Coat Ssl Visibility Appliance Sv1800 Firmware, Blue Coat Ssl Visibility Appliance Sv1800, Blue Coat Ssl Visibility Appliance Sv2800 Firmware.