Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Websense Enterprise 6.3.3 Via: Bypass Still Exists

🗓️ 19 Aug 2010 00:00:00Reported by mrhinkydinkType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

Websense Enterprise 6.3.3 Via Bypass Trivial Web Polic

Code
`discovered by mrhinkydink  
  
PRODUCT: Websense Enterprise  
  
EXPOSURE: Trivial Web Policy Bypass (III)  
  
LINK:  
http://mrhinkydink.blogspot.com/2010/08/websenseisa-via-bypass-redux.html  
  
  
SYNOPSIS  
========  
  
On May 29, 2010 I demonstrated that by adding a "Via:" header to an HTTP  
request it is possible for a user to completely bypass filtering and  
monitoring in a Websense Enterprise 6.3.3/Microsoft ISA Server (2004 or  
2006) proxy integration environment. This was addressed in Websense  
Knowledge Base article #5117.  
  
However, anyone familiar with the Via bypass technique would have  
noticed this remediation was insufficient.  
  
  
PROOF OF CONCEPT  
================  
  
The following works in a Websense Enterprise system using the ISA Server  
integration product in a Cache Array Routing Protocol (CARP, sometimes  
referred to as "CRAP") configuration, which requires at least two ISA  
servers.  
  
Assuming there are two ISA servers configured as per Websense Knowledge  
Base article #5117, one at IP address 10.10.0.1 and another at  
10.10.0.2, perform the following:  
  
I. Install Firefox >= 3.5  
  
II. Configure Firefox to use one of the proxy servers in the CARP array  
(10.10.0.1).   
  
III. Obtain and install the Modify Headers plug-in by Gareth Hunt  
  
IV. Configure the plug-in to add a valid "Via:" header pointing to the  
other server in the array.  
  
Example: "Via: 1.0 10.10.0.2"  
  
V. Browse to a filtered Web site  
  
VI. All content is allowed without monitoring or filtering  
  
  
PoC RESTRICTIONS  
================  
  
All restrictions noted in the original Via Bypass article apply.  
  
See http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html  
  
  
OTHER USES  
==========  
  
Limited only by your imagination! You do have an imagination, don't  
you?  
  
See http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html  
  
  
WORK-AROUNDS  
============  
  
Install Hotfix 17 provided by Websense.  
  
  
HISTORY  
=======  
  
06/25/2010 - vendor notified  
  
08/13/2010 - vendor releases Hotfix 17  
  
08/18/2010 - PoC published  
  
  
  
c. MMX mrhinkydink  
  
http://mrhinkydink.blogspot.com  
http://proxyobsession.net  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Aug 2010 00:00Current
0.7Low risk
Vulners AI Score0.7
websenseenterprisebypasstrivialweb policyfirewallproxyvulnerabilityhotfixfirefoxhttpheader
27