Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5144

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2010-5144
Last Modified 23 Aug 2012 12:00:00
Published 23 Aug 2012 06:32:14
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-5144

Summary

The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.

Vulnerable Systems

Application

  • Websense 6.3.0

  • Websense 6.3.1

  • Websense 6.3.3

  • Websense Web Filter 6.3.0

  • Websense Web Filter 6.3.1

  • Websense Web Filter 6.3.3

  • Websense Web Security 6.3.0

  • Websense Web Security 6.3.1

  • Websense Web Security 6.3.3


References

CONFIRM - http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations

MISC - http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html

FULLDISC - 20100529 Websense Enterprise 6.3.3 Policy Bypass


Last Updated: 27 May 2016 11:00:18