Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5148

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2010-5148
Last Modified 01 Apr 2013 11:06:47
Published 23 Aug 2012 06:32:14
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-5148

Summary

Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Vulnerable Systems

Application

  • Websense Web Filter 7.0

  • Websense Web Security 7.0


References

CONFIRM - http://www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf

CONFIRM - http://www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx

XF - websense-flag-info-disc(78342)


Last Updated: 27 May 2016 11:02:08