Unrated severityNVD Advisory· Published May 30, 2015· Updated May 6, 2026

CVE-2015-4138

Description

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.

Affected products

Blue Coat/SSL Visibility Appliance Sv1800 Firmware
cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:*
Range: <=3.8.3
Blue Coat/SSL Visibility Appliance Sv2800 Firmware
cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:*
Range: <=3.8.3
Blue Coat/SSL Visibility Appliance Sv3800 Firmware
cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:*
Range: <=3.8.3
Blue Coat/SSL Visibility Appliance Sv800 Firmware
cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:*
Range: <=3.8.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/498348nvdThird Party AdvisoryUS Government Resource
bto.bluecoat.com/security-advisory/sa96nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000