CVE-2015-2855

Name of the Vulnerable Software and Affected Versions Blue Coat SSL Visibility Appliance versions 3.6.x through 3.8.x before 3.8.4

Description The issue concerns the WebUI component, which fails to set the secure flag for the administrator's cookie in an https session. This oversight makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session.

Recommendations For versions 3.6.x through 3.8.x before 3.8.4, update to version 3.8.4 or later to resolve the issue.