{"api_version":"1","generated_at":"2026-05-31T09:30:08+00:00","cve":"CVE-2015-0962","urls":{"html":"https://cve.report/CVE-2015-0962","api":"https://cve.report/api/cve/CVE-2015-0962.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-0962","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-0962"},"summary":{"title":"CVE-2015-0962","description":"Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.","state":"PUBLISHED","assigner":"certcc","published_at":"2015-05-25 22:59:04","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-18","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://techlib.barracuda.com/BWF/UpdateSSLCerts","name":"https://techlib.barracuda.com/BWF/UpdateSSLCerts","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Barracuda Web Filter - Barracuda Web Filter Update for SSL Inspection Certificate Handling","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/534407","name":"http://www.kb.cert.org/vuls/id/534407","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#534407 - Barracuda Web Filter insecurely performs SSL inspection","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/","name":"https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Barracuda delivers updated SSL Inspection feature","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.barracuda.com/support/techalerts","name":"https://www.barracuda.com/support/techalerts","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Barracuda Networks\r\n      - Tech Alerts","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-0962","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0962","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"barracuda","cpe5":"web_filter","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"barracuda","cpe5":"web_filter","cpe6":"7.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"barracuda","cpe5":"web_filter","cpe6":"7.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"barracuda","cpe5":"web_filter","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"barracuda","cpe5":"web_filter","cpe6":"8.0.002","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"barracuda","cpe5":"web_filter","cpe6":"8.0.003","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T04:26:11.559Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"VU#534407","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/534407"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://techlib.barracuda.com/BWF/UpdateSSLCerts"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.barracuda.com/support/techalerts"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-04-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2015-05-25T22:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"VU#534407","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/534407"},{"tags":["x_refsource_CONFIRM"],"url":"https://techlib.barracuda.com/BWF/UpdateSSLCerts"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.barracuda.com/support/techalerts"},{"tags":["x_refsource_CONFIRM"],"url":"https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2015-0962","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"VU#534407","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/534407"},{"name":"https://techlib.barracuda.com/BWF/UpdateSSLCerts","refsource":"CONFIRM","url":"https://techlib.barracuda.com/BWF/UpdateSSLCerts"},{"name":"https://www.barracuda.com/support/techalerts","refsource":"CONFIRM","url":"https://www.barracuda.com/support/techalerts"},{"name":"https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/","refsource":"CONFIRM","url":"https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2015-0962","datePublished":"2015-05-25T22:00:00.000Z","dateReserved":"2015-01-10T00:00:00.000Z","dateUpdated":"2024-08-06T04:26:11.559Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-05-25 22:59:04","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-18","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:barracuda:web_filter:7.0:*:*:*:*:*:*:*","matchCriteriaId":"1872D278-FB20-40E2-80FE-A07727FEB95F"},{"vulnerable":true,"criteria":"cpe:2.3:a:barracuda:web_filter:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77C4B8CF-273E-4121-9EFA-5A28C650B7FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:barracuda:web_filter:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"ECA3E599-A9EC-4033-8689-CCF5640156EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:barracuda:web_filter:8.0:*:*:*:*:*:*:*","matchCriteriaId":"080885D0-8F16-4215-B8F3-AEF22181BB2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:barracuda:web_filter:8.0.002:*:*:*:*:*:*:*","matchCriteriaId":"5EACD6F3-9B21-4A54-9554-1B543876C71D"},{"vulnerable":true,"criteria":"cpe:2.3:a:barracuda:web_filter:8.0.003:*:*:*:*:*:*:*","matchCriteriaId":"F42F897E-A0A0-4CA3-9294-37A87FFA0202"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"962","Ordinal":"1","Title":"CVE-2015-0962","CVE":"CVE-2015-0962","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"962","Ordinal":"1","NoteData":"Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.","Type":"Description","Title":"CVE-2015-0962"},{"CveYear":"2015","CveId":"962","Ordinal":"2","NoteData":"2015-05-25","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"962","Ordinal":"3","NoteData":"2015-05-25","Type":"Other","Title":"Modified"}]}}}