CVE-2015-4138

Name of the Vulnerable Software and Affected Versions Blue Coat SSL Visibility Appliance versions 3.6.x through 3.8.x before 3.8.4

Description The issue concerns the WebUI component, which fails to include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie. This omission makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Recommendations For versions 3.6.x through 3.8.x before 3.8.4, update to version 3.8.4 or later to resolve the issue.