CVE-2015-2852: CSRF
First published: Sat May 30 2015(Updated: )
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Blue Coat SSL Visibility Appliance SV2800 | <=3.8.3 | |
| Blue Coat SSL Visibility Appliance SV2800 Firmware | ||
| Broadcom SSL Visibility Appliance | <=3.8.3 | |
| Blue Coat SSL Visibility Appliance SV1800 Firmware | ||
| Broadcom SSL Visibility Appliance | <=3.8.3 | |
| Blue Coat SSL Visibility Appliance SV3800 Firmware | ||
| Bluecoat Ssl Visibility Appliance Sv800 Firmware | <=3.8.3 | |
| Broadcom SSL Visibility Appliance |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2852?
CVE-2015-2852 is considered a high-severity cross-site request forgery vulnerability that can lead to unauthorized administrator access.
How do I fix CVE-2015-2852?
To address CVE-2015-2852, upgrade the Blue Coat SSL Visibility Appliance firmware to version 3.8.4 or later.
Which versions of the Blue Coat SSL Visibility Appliance are affected by CVE-2015-2852?
CVE-2015-2852 affects versions 3.6.x through 3.8.3 of the Blue Coat SSL Visibility Appliance.
What are the risks associated with CVE-2015-2852?
Exploitation of CVE-2015-2852 could allow an attacker to hijack administrator sessions and perform unauthorized actions.
Is there a workaround for CVE-2015-2852?
There is no documented workaround for CVE-2015-2852; the recommended action is to update to the latest firmware.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/blue coat
- canonical/blue coat ssl visibility appliance sv2800
- version/blue coat ssl visibility appliance sv2800/3.8.3
- canonical/blue coat ssl visibility appliance sv2800 firmware
- canonical/broadcom ssl visibility appliance
- version/broadcom ssl visibility appliance/3.8.3
- canonical/blue coat ssl visibility appliance sv1800 firmware
- canonical/blue coat ssl visibility appliance sv3800 firmware
- canonical/bluecoat ssl visibility appliance sv800 firmware
- version/bluecoat ssl visibility appliance sv800 firmware/3.8.3