Unrated severityNVD Advisory· Published May 30, 2015· Updated May 6, 2026

CVE-2015-2854

Description

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.

Affected products

Blue Coat/SSL Visibility Appliance Sv1800 Firmware
cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*
Range: <=3.8.3
Blue Coat/SSL Visibility Appliance Sv2800 Firmware
cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*
Range: <=3.8.3
Blue Coat/SSL Visibility Appliance Sv3800 Firmware
cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*
Range: <=3.8.3
Blue Coat/SSL Visibility Appliance Sv800 Firmware
cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*
Range: <=3.8.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/498348nvdThird Party AdvisoryUS Government Resource
bto.bluecoat.com/security-advisory/sa96nvdVendor Advisory
www.securityfocus.com/bid/74921nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000