CVE-2015-2854 Information

Description

The WebUI component in Blue Coat SSL Visibility Appliance SV800 SV1800 SV2800 and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.

Reference

http://www.kb.cert.org/vuls/id/498348 http://www.securityfocus.com/bid/74921 https://bto.bluecoat.com/security-advisory/sa96