11 matches found
CVE-2009-5120
Summary: CVE-2009-5120 concerns Websense Web Security 7.0 / Web Filter 7.0 using Apache Tomcat. The default Tomcat configuration in Websense Manager allows TCP connections to port 1812 from arbitrary source IPs, which is described as enabling cross-site scripting (XSS) via UTF-7 text to the 404 e...
CVE-2009-5119
CVE-2009-5119 involves the default configuration of Apache Tomcat in Websense Web Security 7.0 and Websense Web Filter 7.0. The issue is that weak SSL ciphers are enabled in conf/server.xml, potentially allowing remote attackers to obtain sensitive information by sniffing network traffic and then...
CVE-2010-5144
The CVE-2010-5144 issue affects the ISAPI Filter plug-in used with Websense Enterprise, Websense Web Security, and Websense Web Filter (versions 6.3.3 and earlier) when deployed behind Microsoft ISA or Forefront TMG. The vulnerability allows remote attackers to bypass intended filtering and monit...
CVE-2010-5147
The CVE-2010-5147 entry affects Websense Web Security and Web Filter: remote filtering component before 6.3.3 Hotfix 18 and before 7.1.1. The flaw allows remote attackers to cause a denial of service (daemon exit) by sending a large volume of traffic. Affected component is the Remote Filtering mo...
CVE-2011-5102
The connected Nessus plugin details a remote command-execution path for Websense Triton/Web Security products affected by CVE-2011-5102, specifically: Websense Triton 7.1.x versions before 7.1.3, 7.5.x before 7.5.3, 7.6.0 before 7.6.1, and 7.6.2 before 7.6.3. The vulnerability stems from improper...
CVE-2010-5148
CVE-2010-5148 affects Websense Web Security and Web Filter prior to 7.1 Hotfix 21. The vulnerability is that the Encrypted Session (SSL) cookie is not marked Secure in HTTPS sessions, enabling potential interception of the cookie over HTTP. No exploitation details are provided in the connected do...
CVE-2012-4604
The CVE-2012-4604 issue affects the TRITON management console in Websense Web Security prior to 7.6 Hotfix 24. An authentication bypass vulnerability allows remote attackers to read arbitrary reports by tampering with cookies containing a crafted uid field and a crafted userRoles field, as demons...
CVE-2009-5132
CVE-2009-5132 affects Websense Filtering Service in Web Security and Web Filter prior to 6.3.1 Hotfix 106 and prior to 7.1 (7.x). The flaw allows remote attackers to cause a denial-of-service (filtering outage) by sending a crafted URL. Impact is partial availability disruption as described; expl...
CVE-2010-5145
CVE-2010-5145 affects Websense Web Security and Web Filter prior to 6.3.1 Hotfix 136 and 7.x prior to 7.1.1 on Windows. The vulnerability allows remote attackers to cause a denial of service (filtering outage) by sending a crafted sequence of characters in a URI. The issue is rooted in the Filter...
CVE-2010-5149
CVE-2010-5149 affects Websense Web Security and Web Filter. The vulnerability exists in the URL handling of Websense products prior to 6.3.3 Hotfix 27 and 7.x prior to 7.1.1, where processing a long URL can trigger a remote DoS (Blue Coat appliance integration outage). The connected documents con...
CVE-2010-5146
The CVE-2010-5146 entry concerns Websense Web Security and Web Filter prior to 7.1 Hotfix 66. The vulnerability is a local bypass in the Remote Filtering component, where a user can bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files. Documents specify affected componen...