Vulnerability Details : CVE-2015-0962
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
Products affected by CVE-2015-0962
- cpe:2.3:a:barracuda:web_filter:8.0.002:*:*:*:*:*:*:*
- cpe:2.3:a:barracuda:web_filter:8.0.003:*:*:*:*:*:*:*
- cpe:2.3:a:barracuda:web_filter:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:barracuda:web_filter:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:barracuda:web_filter:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:barracuda:web_filter:7.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0962
- Probability of exploitation activity in the next 30 days: 0.74%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 %
CVSS scores for CVE-2015-0962
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2015-0962
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0962
- https://www.barracuda.com/support/techalerts
  Tech Alerts | Barracuda Networks (Vendor Advisory)
- https://techlib.barracuda.com/BWF/UpdateSSLCerts
  (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/534407
  VU#534407 - Barracuda Web Filter insecurely performs SSL inspection (Third Party Advisory; US Government Resource)
- https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/
  Barracuda delivers updated SSL Inspection feature | Journey Notes (Vendor Advisory)