Vulnerability-Lookup

CVE-2015-2852 (GCVE-0-2015-2852)

Vulnerability from cvelistv5 – Published: 2015-05-30 19:00 – Updated: 2024-08-06 05:24

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

FKIE_CVE-2015-2852

Vulnerability from fkie_nvd - Published: 2015-05-30 19:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://www.kb.cert.org/vuls/id/498348	Third Party Advisory, US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/74921
cret@cert.org	https://bto.bluecoat.com/security-advisory/sa96	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/498348	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74921
af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa96	Vendor Advisory

Impacted products

Vendor	Product	Version
blue_coat	ssl_visibility_appliance_sv2800_firmware	*
blue_coat	ssl_visibility_appliance_sv2800	-
blue_coat	ssl_visibility_appliance_sv1800_firmware	*
blue_coat	ssl_visibility_appliance_sv1800	-
blue_coat	ssl_visibility_appliance_sv3800_firmware	*
blue_coat	ssl_visibility_appliance_sv3800	-
blue_coat	ssl_visibility_appliance_sv800_firmware	*
blue_coat	ssl_visibility_appliance_sv800	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "041A6762-C233-4163-8692-4DE054F1C9EE",
              "versionEndIncluding": "3.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B04FC6-F165-4590-B088-7F126667ACD3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "658F9B38-DA76-4CF8-961C-DCD596DEC697",
              "versionEndIncluding": "3.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F280A1EE-FEB6-435E-B566-132E9C2F54C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E52942-0C82-472D-8065-8D33221285EE",
              "versionEndIncluding": "3.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CA4AEA-C309-4E96-8835-CADB7FA32C05",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A543761-A119-465D-A249-47347CE5EED9",
              "versionEndIncluding": "3.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB72CFF6-C8B6-429C-A036-2560CAE3C713",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en el componente WebUI en Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, y SV3800 3.6.x hasta 3.8.x anterior a 3.8.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores."
    }
  ],
  "id": "CVE-2015-2852",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-05-30T19:59:04.897",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/498348"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/74921"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa96"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/498348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa96"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-03562

Vulnerability from cnvd - Published: 2015-06-04

Title

多款Blue Coat Systems SSL Visibility Appliance产品跨站请求伪造漏洞

Description

Blue Coat Systems SSL Visibility Appliance SV800是美国Blue Coat Systems公司的一套提供对加密流量的完整可见性的管理设备。该设备提供专用加密流量管理平台、易于使用的策略执行点和自适应的安全解决方案等功能。多款Blue Coat Systems SSL Visibility Appliance产品的WebUI组件中存在跨站请求伪造漏洞，允许远程攻击者构建恶意URI，诱使用户解析，可以在目标用户上下文执行恶意操作。

Severity

中

Patch Name

多款Blue Coat Systems SSL Visibility Appliance产品跨站请求伪造漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://bto.bluecoat.com/news/ssl-visibility-v3.8.4-released

Reference

http://www.kb.cert.org/vuls/id/498348

Impacted products

Name
['Blue Coat SSL Visibility Appliance SV800', 'Blue Coat SSL Visibility Appliance SV3800 (3.6.x-3.8.x)<3.8.4', 'Blue Coat SSL Visibility Appliance SV2800', 'Blue Coat SSL Visibility Appliance SV1800']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "74921"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2852"
    }
  },
  "description": "Blue Coat Systems SSL Visibility Appliance SV800\u662f\u7f8e\u56fdBlue Coat Systems\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u5bf9\u52a0\u5bc6\u6d41\u91cf\u7684\u5b8c\u6574\u53ef\u89c1\u6027\u7684\u7ba1\u7406\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u63d0\u4f9b\u4e13\u7528\u52a0\u5bc6\u6d41\u91cf\u7ba1\u7406\u5e73\u53f0\u3001\u6613\u4e8e\u4f7f\u7528\u7684\u7b56\u7565\u6267\u884c\u70b9\u548c\u81ea\u9002\u5e94\u7684\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u7b49\u529f\u80fd\u3002\r\n\r\n\u591a\u6b3eBlue Coat Systems SSL Visibility Appliance\u4ea7\u54c1\u7684WebUI\u7ec4\u4ef6\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u5728\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002",
  "discovererName": "Tim MalcomVetter of FishNet Security",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://bto.bluecoat.com/news/ssl-visibility-v3.8.4-released",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03562",
  "openTime": "2015-06-04",
  "patchDescription": "Blue Coat Systems SSL Visibility Appliance SV800\u662f\u7f8e\u56fdBlue Coat Systems\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u5bf9\u52a0\u5bc6\u6d41\u91cf\u7684\u5b8c\u6574\u53ef\u89c1\u6027\u7684\u7ba1\u7406\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u63d0\u4f9b\u4e13\u7528\u52a0\u5bc6\u6d41\u91cf\u7ba1\u7406\u5e73\u53f0\u3001\u6613\u4e8e\u4f7f\u7528\u7684\u7b56\u7565\u6267\u884c\u70b9\u548c\u81ea\u9002\u5e94\u7684\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u7b49\u529f\u80fd\u3002\u591a\u6b3eBlue Coat Systems SSL Visibility Appliance\u4ea7\u54c1\u7684WebUI\u7ec4\u4ef6\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u5728\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eBlue Coat Systems SSL Visibility Appliance\u4ea7\u54c1\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Blue Coat SSL Visibility Appliance SV800",
      "Blue Coat SSL Visibility Appliance SV3800 (3.6.x-3.8.x)\u003c3.8.4",
      "Blue Coat SSL Visibility Appliance SV2800",
      "Blue Coat SSL Visibility Appliance SV1800"
    ]
  },
  "referenceLink": "http://www.kb.cert.org/vuls/id/498348",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-01",
  "title": "\u591a\u6b3eBlue Coat Systems SSL Visibility Appliance\u4ea7\u54c1\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CERTFR-2015-AVI-241

Vulnerability from certfr_avis - Published: 2015-06-02 - Updated: 2015-06-02

De multiples vulnérabilités ont été corrigées dans Blue Coat SSL Visibility. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de requêtes illégitimes par rebond (CSRF).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Blue Coat SSL Visibility versions antérieures à 3.8.4

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

GSD-2015-2852

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2852

Aliases

CVE-2015-2852

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2852",
    "description": "Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.",
    "id": "GSD-2015-2852"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2852"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.",
      "id": "GSD-2015-2852",
      "modified": "2023-12-13T01:20:00.202743Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-2852",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#498348",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/498348"
          },
          {
            "name": "https://bto.bluecoat.com/security-advisory/sa96",
            "refsource": "CONFIRM",
            "url": "https://bto.bluecoat.com/security-advisory/sa96"
          },
          {
            "name": "74921",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74921"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.8.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.8.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.8.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.8.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-2852"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa96",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa96"
            },
            {
              "name": "VU#498348",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/498348"
            },
            {
              "name": "74921",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/74921"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-12-03T03:07Z",
      "publishedDate": "2015-05-30T19:59Z"
    }
  }
}

GHSA-VHHV-VF9P-2M37

Vulnerability from github – Published: 2022-05-17 03:33 – Updated: 2022-05-17 03:33

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-30T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.",
  "id": "GHSA-vhhv-vf9p-2m37",
  "modified": "2022-05-17T03:33:36Z",
  "published": "2022-05-17T03:33:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2852"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa96"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/498348"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74921"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201505-0108

Vulnerability from variot - Updated: 2025-04-13 23:23

Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. The appliance provides features such as a dedicated encrypted traffic management platform, easy-to-use policy enforcement points, and an adaptive security solution. Successfully exploiting these vulnerabilities will allow attackers to perform certain unauthorized actions, hijack an arbitrary session, gain access to the sensitive information or compromise the affected application. Other attacks are also possible. It is the core of encrypted traffic management, can provide visibility to SSL traffic, and supports the addition of SSL inspection functions to advanced threat protection solutions programs and existing network security architecture. A remote attacker could exploit this vulnerability to perform unauthorized operations

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0108",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ssl visibility appliance sv3800",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "blue coat",
        "version": "3.8.3"
      },
      {
        "model": "ssl visibility appliance sv800",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "blue coat",
        "version": "3.8.3"
      },
      {
        "model": "ssl visibility appliance sv1800",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "blue coat",
        "version": "3.8.3"
      },
      {
        "model": "ssl visibility appliance sv2800",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "blue coat",
        "version": "3.8.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "ssl visibility appliance sv1800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "3.6.x from  3.8.4"
      },
      {
        "model": "ssl visibility appliance sv800",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "3.8.x"
      },
      {
        "model": "ssl visibility appliance sv1800",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "3.8.x"
      },
      {
        "model": "ssl visibility appliance sv2800",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "ssl visibility appliance sv3800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "3.6.x from  3.8.4"
      },
      {
        "model": "ssl visibility appliance sv800",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "ssl visibility appliance sv3800",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "ssl visibility appliance sv2800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "3.6.x from  3.8.4"
      },
      {
        "model": "ssl visibility appliance sv3800",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "3.8.x"
      },
      {
        "model": "ssl visibility appliance sv800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "3.6.x from  3.8.4"
      },
      {
        "model": "ssl visibility appliance sv1800",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "ssl visibility appliance sv2800",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "3.8.x"
      },
      {
        "model": "coat ssl visibility appliance sv800",
        "scope": null,
        "trust": 0.6,
        "vendor": "blue",
        "version": null
      },
      {
        "model": "coat ssl visibility appliance sv3800",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "blue",
        "version": "(3.6.x-3.8.x)\u003c3.8.4"
      },
      {
        "model": "coat ssl visibility appliance sv2800",
        "scope": null,
        "trust": 0.6,
        "vendor": "blue",
        "version": null
      },
      {
        "model": "coat ssl visibility appliance sv1800",
        "scope": null,
        "trust": 0.6,
        "vendor": "blue",
        "version": null
      },
      {
        "model": "ssl visibility appliance sv800",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "blue coat",
        "version": "3.8.3"
      },
      {
        "model": "ssl visibility appliance sv1800",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "blue coat",
        "version": "3.8.3"
      },
      {
        "model": "ssl visibility appliance sv3800",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "blue coat",
        "version": "3.8.3"
      },
      {
        "model": "ssl visibility appliance sv2800",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "blue coat",
        "version": "3.8.3"
      },
      {
        "model": "sv800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8.3"
      },
      {
        "model": "sv800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.6"
      },
      {
        "model": "sv3800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8.3"
      },
      {
        "model": "sv3800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.6"
      },
      {
        "model": "sv2800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8.3"
      },
      {
        "model": "sv2800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.6"
      },
      {
        "model": "sv1800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8.3"
      },
      {
        "model": "sv1800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.6"
      },
      {
        "model": "sv800",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8.4"
      },
      {
        "model": "sv3800",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8.4"
      },
      {
        "model": "sv2800",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8.4"
      },
      {
        "model": "sv1800",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498348"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "db": "BID",
        "id": "74921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2852"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:bluecoat:ssl_visibility_appliance_sv1800",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:bluecoat:ssl_visibility_appliance_sv1800_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:bluecoat:ssl_visibility_appliance_sv2800",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:bluecoat:ssl_visibility_appliance_sv2800_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:bluecoat:ssl_visibility_appliance_sv3800",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:bluecoat:ssl_visibility_appliance_sv3800_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:bluecoat:ssl_visibility_appliance_sv800",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:bluecoat:ssl_visibility_appliance_sv800_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tim MalcomVetter of FishNet Security",
    "sources": [
      {
        "db": "BID",
        "id": "74921"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2852",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-2852",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-03562",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-80813",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-2852",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-2852",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-03562",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-603",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80813",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2852"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. The appliance provides features such as a dedicated encrypted traffic management platform, easy-to-use policy enforcement points, and an adaptive security solution. \nSuccessfully exploiting these vulnerabilities will allow attackers to perform certain unauthorized actions, hijack an arbitrary session, gain access to the sensitive information or compromise the affected application. Other attacks are also possible. It is the core of encrypted traffic management, can provide visibility to SSL traffic, and supports the addition of SSL inspection functions to advanced threat protection solutions programs and existing network security architecture. A remote attacker could exploit this vulnerability to perform unauthorized operations",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2852"
      },
      {
        "db": "CERT/CC",
        "id": "VU#498348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "db": "BID",
        "id": "74921"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80813"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#498348",
        "trust": 4.2
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2852",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "74921",
        "trust": 2.0
      },
      {
        "db": "JVN",
        "id": "JVNVU97084421",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-603",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-80813",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498348"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80813"
      },
      {
        "db": "BID",
        "id": "74921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2852"
      }
    ]
  },
  "id": "VAR-201505-0108",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80813"
      }
    ],
    "trust": 1.311166
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:23:45.249000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SA96",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa96"
      },
      {
        "title": "Patches for Cross-Site Request Forgery Vulnerabilities in Several Blue Coat Systems SSL Visibility Appliance Products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/59273"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80813"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2852"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.kb.cert.org/vuls/id/498348"
      },
      {
        "trust": 2.5,
        "url": "https://bto.bluecoat.com/security-advisory/sa96"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74921"
      },
      {
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/news/ssl-visibility-v3.8.4-released"
      },
      {
        "trust": 0.8,
        "url": "https://fishnetsecurity.com/6labs/blog/vulnerabilities-bluecoat-ssl-visibility-appliances"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/352.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/384.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2852"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97084421/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2852"
      },
      {
        "trust": 0.3,
        "url": "https://www.bluecoat.com/products/ssl-visibility-appliance"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498348"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80813"
      },
      {
        "db": "BID",
        "id": "74921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2852"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#498348"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80813"
      },
      {
        "db": "BID",
        "id": "74921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2852"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#498348"
      },
      {
        "date": "2015-06-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "date": "2015-05-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80813"
      },
      {
        "date": "2015-06-01T00:00:00",
        "db": "BID",
        "id": "74921"
      },
      {
        "date": "2015-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "date": "2015-05-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      },
      {
        "date": "2015-05-30T19:59:04.897000",
        "db": "NVD",
        "id": "CVE-2015-2852"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#498348"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03562"
      },
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80813"
      },
      {
        "date": "2015-06-01T00:00:00",
        "db": "BID",
        "id": "74921"
      },
      {
        "date": "2015-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002884"
      },
      {
        "date": "2015-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-2852"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Blue Coat SSL Visibility Appliance contains multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498348"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-603"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2852 (GCVE-0-2015-2852)

FKIE_CVE-2015-2852

CNVD-2015-03562

CERTFR-2015-AVI-241

Solution

GSD-2015-2852

GHSA-VHHV-VF9P-2M37

VAR-201505-0108

Tags

Sightings

Nomenclature