Search criteria
4 vulnerabilities found for web_filter by barracuda
CVE-2015-0962 (GCVE-0-2015-0962)
Vulnerability from nvd – Published: 2015-05-25 22:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T22:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#534407",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"name": "https://techlib.barracuda.com/BWF/UpdateSSLCerts",
"refsource": "CONFIRM",
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"name": "https://www.barracuda.com/support/techalerts",
"refsource": "CONFIRM",
"url": "https://www.barracuda.com/support/techalerts"
},
{
"name": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/",
"refsource": "CONFIRM",
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0962",
"datePublished": "2015-05-25T22:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0961 (GCVE-0-2015-0961)
Vulnerability from nvd – Published: 2015-05-25 22:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T22:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#534407",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"name": "https://techlib.barracuda.com/BWF/UpdateSSLCerts",
"refsource": "CONFIRM",
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"name": "https://www.barracuda.com/support/techalerts",
"refsource": "CONFIRM",
"url": "https://www.barracuda.com/support/techalerts"
},
{
"name": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/",
"refsource": "CONFIRM",
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0961",
"datePublished": "2015-05-25T22:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0961 (GCVE-0-2015-0961)
Vulnerability from cvelistv5 – Published: 2015-05-25 22:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T22:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#534407",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"name": "https://techlib.barracuda.com/BWF/UpdateSSLCerts",
"refsource": "CONFIRM",
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"name": "https://www.barracuda.com/support/techalerts",
"refsource": "CONFIRM",
"url": "https://www.barracuda.com/support/techalerts"
},
{
"name": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/",
"refsource": "CONFIRM",
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0961",
"datePublished": "2015-05-25T22:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0962 (GCVE-0-2015-0962)
Vulnerability from cvelistv5 – Published: 2015-05-25 22:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T22:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#534407",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"name": "https://techlib.barracuda.com/BWF/UpdateSSLCerts",
"refsource": "CONFIRM",
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"name": "https://www.barracuda.com/support/techalerts",
"refsource": "CONFIRM",
"url": "https://www.barracuda.com/support/techalerts"
},
{
"name": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/",
"refsource": "CONFIRM",
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0962",
"datePublished": "2015-05-25T22:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}