Lucene search

[email protected]CVE-2009-5120

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-5120

2022-10-0316:24:01

CWE-16

[email protected]

web.nvd.nist.gov

cve-2009-5120

apache tomcat

websense manager

websense web security

web filter

xss

cross-site scripting

utf-7

cve

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.0%

JSON

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.

Affected configurations

NVD

Node

websensewebsense_web_filterMatch7.0

websensewebsense_web_securityMatch7.0

CPENameOperatorVersion
websense:websense_web_filterwebsense websense web filtereq7.0
websense:websense_web_securitywebsense websense web securityeq7.0

CPE	Name	Operator	Version
websense:websense_web_filter	websense websense web filter	eq	7.0
websense:websense_web_security	websense websense web security	eq	7.0

References

www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vulnerabilities-1258048503850

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.0%

JSON

Related for CVE-2009-5120

prion1 nvd1 cvelist1