PT-2012-1356 · Websense · Websense Web Filter

Mrhinkydink · Published 2012-08-23 · Updated 2012-08-23 · CVE-2010-5144

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Websense Enterprise versions 6.3.3 and earlier
Websense Web Security versions 6.3.3 and earlier
Websense Web Filter versions 6.3.3 and earlier

Description

The issue allows remote attackers to bypass intended filtering and monitoring activities for web traffic. This is achieved via an HTTP Via header when the ISAPI Filter plug-in is used with a Microsoft ISA or Microsoft Forefront TMG server.

Recommendations

For Websense Enterprise versions 6.3.3 and earlier, consider restricting access to the ISAPI Filter plug-in until a fix is available.

For Websense Web Security versions 6.3.3 and earlier, avoid using the ISAPI Filter plug-in in conjunction with Microsoft ISA or Microsoft Forefront TMG servers until the issue is resolved.

For Websense Web Filter versions 6.3.3 and earlier, as a temporary workaround, consider disabling the ISAPI Filter plug-in to minimize the risk of exploitation.

Related Identifiers

CVE-2010-5144

Affected Products

ISAPI Filter
Forefront TMG
ISA
Websense Enterprise
Websense Web Filter
Websense Web Security