CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5774
https://notcve.org/view.php?id=CVE-2016-5774
The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters. El servidor HTTPS en Blue Coat PacketShaper S-Series 11.5.x en versiones anteriores a 11.5.3.2 podría permitir a atacantes remotos obtener credenciales sensibles y otra información a través de vectores no especificados, relacionado con el uso de parámetros criptográficos inseguros. • http://www.securityfocus.com/bid/91455 https://bto.bluecoat.com/security-advisory/sa127 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2015-2852
https://notcve.org/view.php?id=CVE-2015-2852
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de CSRF en el componente WebUI en Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, y SV3800 3.6.x hasta 3.8.x anterior a 3.8.4 permite a atacantes remotos secuestrar la autenticación de administradores. • http://www.kb.cert.org/vuls/id/498348 http://www.securityfocus.com/bid/74921 https://bto.bluecoat.com/security-advisory/sa96 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-2853
https://notcve.org/view.php?id=CVE-2015-2853
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID. Vulnerabilidad de fijación de sesión en el componente WebUI en Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, y SV3800 3.6.x hasta 3.8.x anterior a 3.8.4 permite a atacantes remotos secuestrar sesiones web mediante la provisión de un identificador de sesión. • http://www.kb.cert.org/vuls/id/498348 http://www.securityfocus.com/bid/74921 https://bto.bluecoat.com/security-advisory/sa96 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2015-2854
https://notcve.org/view.php?id=CVE-2015-2854
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element. El componente WebUI en Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, y SV3800 3.6.x hasta 3.8.x anterior a 3.8.4 no envía una cabecera HTTP X-Frame-Options restrictivo, lo que permite a atacantes remotos realizar ataques de clickjacking a través de vectores que involucran un elemento IFRAME. • http://www.kb.cert.org/vuls/id/498348 http://www.securityfocus.com/bid/74921 https://bto.bluecoat.com/security-advisory/sa96 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2015-2855
https://notcve.org/view.php?id=CVE-2015-2855
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. El componente WebUI en Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, y SV3800 3.6.x hasta 3.8.x anterior a 3.8.4 no configura el indicador de seguro para la cookie del administrador en una sesión htttps, lo que facilita a atacantes remotos capturar esta cookie mediante la intercepción de su transmisión dentro de una sesión http, una vulnerabilidad diferente a CVE-2015-4138. • http://www.kb.cert.org/vuls/id/498348 http://www.securityfocus.com/bid/74921 https://bto.bluecoat.com/security-advisory/sa96 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •