CVE-2010-5148

Name of the Vulnerable Software and Affected Versions Websense Web Security and Web Filter versions prior to 7.1 Hotfix 21

Description The issue allows remote attackers to capture the Encrypted Session (SSL) cookie by intercepting its transmission within an http session, as the secure flag is not set for this cookie in an https session.

Recommendations For versions prior to 7.1 Hotfix 21, update to version 7.1 Hotfix 21 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information transmitted over https sessions until the update is applied.