Vulnerabilities > CVE-2015-0962 - Source Code vulnerability in Barracuda web Filter

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

barracuda

CWE-18

NVD

Published: 2015-05-25

Updated: 2024-11-21

Summary

Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.

Vulnerable Configurations

Part	Description	Count
Application	Barracuda Barracuda WEB Filter 7.1.0 Barracuda WEB Filter 8.0 Barracuda WEB Filter 8.0.002 Barracuda WEB Filter 7.0.1 Barracuda WEB Filter 8.0.003 Barracuda WEB Filter 7.0	6

Common Weakness Enumeration (CWE)

CWE-18 - Source Code

References

http://www.kb.cert.org/vuls/id/534407
http://www.kb.cert.org/vuls/id/534407
https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/
https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/
https://techlib.barracuda.com/BWF/UpdateSSLCerts
https://techlib.barracuda.com/BWF/UpdateSSLCerts
https://www.barracuda.com/support/techalerts
https://www.barracuda.com/support/techalerts