Search criteria
6 vulnerabilities found for web_filter by barracuda
FKIE_CVE-2015-0962
Vulnerability from fkie_nvd - Published: 2015-05-25 22:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/534407 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/ | Vendor Advisory | |
| cret@cert.org | https://techlib.barracuda.com/BWF/UpdateSSLCerts | Vendor Advisory | |
| cret@cert.org | https://www.barracuda.com/support/techalerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/534407 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://techlib.barracuda.com/BWF/UpdateSSLCerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.barracuda.com/support/techalerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| barracuda | web_filter | 7.0 | |
| barracuda | web_filter | 7.0.1 | |
| barracuda | web_filter | 7.1.0 | |
| barracuda | web_filter | 8.0 | |
| barracuda | web_filter | 8.0.002 | |
| barracuda | web_filter | 8.0.003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:barracuda:web_filter:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1872D278-FB20-40E2-80FE-A07727FEB95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:barracuda:web_filter:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77C4B8CF-273E-4121-9EFA-5A28C650B7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:barracuda:web_filter:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA3E599-A9EC-4033-8689-CCF5640156EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:barracuda:web_filter:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "080885D0-8F16-4215-B8F3-AEF22181BB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:barracuda:web_filter:8.0.002:*:*:*:*:*:*:*",
"matchCriteriaId": "5EACD6F3-9B21-4A54-9554-1B543876C71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:barracuda:web_filter:8.0.003:*:*:*:*:*:*:*",
"matchCriteriaId": "F42F897E-A0A0-4CA3-9294-37A87FFA0202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
},
{
"lang": "es",
"value": "Barracuda Web Filter 7.x y 8.x anterior a 8.1.0.005, cuando SSL Inspection est\u00e1 habilitada, utiliza el mismo certificado root de la autoridad certificadora en las instalaciones de clientes diferentes, lo que facilita a atacantes remotos realizar ataques man-in-the-middle contra sesiones SSL mediante el aprovechamiento de la relaci\u00f3n de confianza del certificado."
}
],
"id": "CVE-2015-0962",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T22:59:04.037",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.barracuda.com/support/techalerts"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-18"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0961
Vulnerability from fkie_nvd - Published: 2015-05-25 22:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/534407 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/ | Vendor Advisory | |
| cret@cert.org | https://techlib.barracuda.com/BWF/UpdateSSLCerts | Vendor Advisory | |
| cret@cert.org | https://www.barracuda.com/support/techalerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/534407 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://techlib.barracuda.com/BWF/UpdateSSLCerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.barracuda.com/support/techalerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| barracuda | web_filter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:barracuda:web_filter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E875B9-BB99-46D1-9E2F-39FD673579ED",
"versionEndIncluding": "8.0.003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "Barracuda Web Filter anterior a 8.1.0.005, cuando SSL Inspection est\u00e1 habilitada, no verifica los certificados X.509 de servidores SSL previos, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/295.html\"\u003eCWE-295: Improper Certificate Validation\u003c/a\u003e",
"id": "CVE-2015-0961",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T22:59:02.880",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.barracuda.com/support/techalerts"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-0962 (GCVE-0-2015-0962)
Vulnerability from cvelistv5 – Published: 2015-05-25 22:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T22:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#534407",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"name": "https://techlib.barracuda.com/BWF/UpdateSSLCerts",
"refsource": "CONFIRM",
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"name": "https://www.barracuda.com/support/techalerts",
"refsource": "CONFIRM",
"url": "https://www.barracuda.com/support/techalerts"
},
{
"name": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/",
"refsource": "CONFIRM",
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0962",
"datePublished": "2015-05-25T22:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0961 (GCVE-0-2015-0961)
Vulnerability from cvelistv5 – Published: 2015-05-25 22:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T22:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#534407",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"name": "https://techlib.barracuda.com/BWF/UpdateSSLCerts",
"refsource": "CONFIRM",
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"name": "https://www.barracuda.com/support/techalerts",
"refsource": "CONFIRM",
"url": "https://www.barracuda.com/support/techalerts"
},
{
"name": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/",
"refsource": "CONFIRM",
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0961",
"datePublished": "2015-05-25T22:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0962 (GCVE-0-2015-0962)
Vulnerability from nvd – Published: 2015-05-25 22:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T22:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#534407",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"name": "https://techlib.barracuda.com/BWF/UpdateSSLCerts",
"refsource": "CONFIRM",
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"name": "https://www.barracuda.com/support/techalerts",
"refsource": "CONFIRM",
"url": "https://www.barracuda.com/support/techalerts"
},
{
"name": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/",
"refsource": "CONFIRM",
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0962",
"datePublished": "2015-05-25T22:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0961 (GCVE-0-2015-0961)
Vulnerability from nvd – Published: 2015-05-25 22:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T22:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#534407",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.barracuda.com/support/techalerts"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#534407",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534407"
},
{
"name": "https://techlib.barracuda.com/BWF/UpdateSSLCerts",
"refsource": "CONFIRM",
"url": "https://techlib.barracuda.com/BWF/UpdateSSLCerts"
},
{
"name": "https://www.barracuda.com/support/techalerts",
"refsource": "CONFIRM",
"url": "https://www.barracuda.com/support/techalerts"
},
{
"name": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/",
"refsource": "CONFIRM",
"url": "https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0961",
"datePublished": "2015-05-25T22:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}