Security Advisory

CVE-2015-4138

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-05-30 19:00:00

Last updated 2024-08-06 06:04:02

Assigner certcc

State PUBLISHED

Description

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrators cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.

← Browse all CVEs View on cve.org ↗