PT-2012-1285 · Websense+1 · Websense Web Filter+2

Publicado

2012-08-23

Atualizado

2012-08-23

CVE-2009-5120

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Websense Web Security versions 7.0 Websense Web Filter versions 7.0

Description The default configuration of Apache Tomcat in Websense Manager allows connections to TCP port 1812 from arbitrary source IP addresses. This makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.

Recommendations For Websense Web Security version 7.0, restrict access to TCP port 1812 to prevent connections from arbitrary source IP addresses. For Websense Web Filter version 7.0, restrict access to TCP port 1812 to prevent connections from arbitrary source IP addresses.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-16

Identificadores relacionados

CVE-2009-5120

Produtos afetados

Apache Tomcat

Websense Web Filter

Websense Web Security

PT-2012-1285 · Websense+1 · Websense Web Filter+2

CVE-2009-5120

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2