CVE-2015-0962 | Vulnerability Database | Aqua Security

Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificates trust relationship.

Affected Software

Name	Vendor	Start Version	End Version
Web_filter	Barracuda	7.0 (including)	7.0 (including)
Web_filter	Barracuda	7.0.1 (including)	7.0.1 (including)
Web_filter	Barracuda	7.1.0 (including)	7.1.0 (including)
Web_filter	Barracuda	8.0 (including)	8.0 (including)
Web_filter	Barracuda	8.0.002 (including)	8.0.002 (including)
Web_filter	Barracuda	8.0.003 (including)	8.0.003 (including)

References

http://www.kb.cert.org/vuls/id/534407
https://blog.barracuda.com/2015/04/28/barracuda-delivers-updated-ssl-inspection-feature/
https://techlib.barracuda.com/BWF/UpdateSSLCerts
https://www.barracuda.com/support/techalerts

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-0962
CWE	https://cwe.mitre.org/data/definitions/18.html