
CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.
• http://www.kb.cert.org/vuls/id/498348 https://bto.bluecoat.com/security-advisory/sa96
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://www.kb.cert.org/vuls/id/274244 https://bto.bluecoat.com/security-advisory/sa94
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter.
• http://www.kb.cert.org/vuls/id/274244 https://bto.bluecoat.com/security-advisory/sa94
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.
• http://dicas3000.blogspot.com/2008/10/blue-coat-k9-web-protection-v40230-beta.html http://seclists.org/fulldisclosure/2008/Oct/0070.html http://www.securityfocus.com/bid/31584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45696
• CWE-287: Improper Authentication

CVSS: 9.3 • EPSS: 9% • CPEs: 2 • EXPL: 0

Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.
• http://secunia.com/advisories/25813 http://secunia.com/secunia_research/2007-61/advisory http://secunia.com/secunia_research/2007-64/advisory http://www.securityfocus.com/archive/1/494975/100/0/threaded http://www.securityfocus.com/archive/1/494984/100/0/threaded http://www.securityfocus.com/bid/30463 http://www.securityfocus.com/bid/30464 http://www.securitytracker.com/id?1020587 http://www.securitytracker.com/id?1020588 http://www.vupen.com/english/advisories/2008/2263/r
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer