CVE-2015-2854

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
blue_coatssl_visibility_appliance_sv800_firmware
𝑥
≤ 3.8.3
blue_coatssl_visibility_appliance_sv1800_firmware
𝑥
≤ 3.8.3
blue_coatssl_visibility_appliance_sv2800_firmware
𝑥
≤ 3.8.3
blue_coatssl_visibility_appliance_sv3800_firmware
𝑥
≤ 3.8.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/498348
http://www.securityfocus.com/bid/74921
https://bto.bluecoat.com/security-advisory/sa96
http://www.kb.cert.org/vuls/id/498348
http://www.securityfocus.com/bid/74921
https://bto.bluecoat.com/security-advisory/sa96