CVE-2015-2853
First published: Sat May 30 2015(Updated: )
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom SSL Visibility Appliance | <=3.8.3 | |
| Blue Coat SSL Visibility Appliance SV3800 Firmware | ||
| Blue Coat SSL Visibility Appliance SV2800 | <=3.8.3 | |
| Blue Coat SSL Visibility Appliance SV2800 Firmware | ||
| Broadcom SSL Visibility Appliance | <=3.8.3 | |
| Blue Coat SSL Visibility Appliance SV1800 Firmware | ||
| Bluecoat Ssl Visibility Appliance Sv800 Firmware | <=3.8.3 | |
| Broadcom SSL Visibility Appliance |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2853?
CVE-2015-2853 has a high severity rating due to the potential for remote attackers to hijack web sessions.
How do I fix CVE-2015-2853?
To resolve CVE-2015-2853, upgrade the Blue Coat SSL Visibility Appliance firmware to version 3.8.4 or later.
What systems are affected by CVE-2015-2853?
CVE-2015-2853 affects the Blue Coat SSL Visibility Appliance models SV800, SV1800, SV2800, and SV3800 running firmware versions 3.6.x to 3.8.3.
What type of attack does CVE-2015-2853 allow?
CVE-2015-2853 allows attackers to conduct session fixation attacks, potentially taking control of user sessions.
What is session fixation in relation to CVE-2015-2853?
Session fixation in CVE-2015-2853 refers to a vulnerability where attackers can set a specific session ID, enabling them to hijack user sessions.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/blue coat
- canonical/broadcom ssl visibility appliance
- version/broadcom ssl visibility appliance/3.8.3
- canonical/blue coat ssl visibility appliance sv3800 firmware
- canonical/blue coat ssl visibility appliance sv2800
- version/blue coat ssl visibility appliance sv2800/3.8.3
- canonical/blue coat ssl visibility appliance sv2800 firmware
- canonical/blue coat ssl visibility appliance sv1800 firmware
- canonical/bluecoat ssl visibility appliance sv800 firmware
- version/bluecoat ssl visibility appliance sv800 firmware/3.8.3