PT-2012-5510 · Websense · Websense Web Security

Published

2012-08-23

Updated

2012-08-23

CVE-2012-4604

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Websense Web Security versions prior to 7.6 Hotfix 24

Description The issue allows remote attackers to bypass authentication and read arbitrary reports by crafting specific fields in a cookie, including the uid field and the userRoles field, as demonstrated by a request to "explorer wse/favorites.exe".

Recommendations For Websense Web Security versions prior to 7.6 Hotfix 24, apply Hotfix 24 to resolve the issue.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2012-4604

Affected Products

Websense Web Security

PT-2012-5510 · Websense · Websense Web Security

CVE-2012-4604

Weakness Enumeration

Related Identifiers

Affected Products

References · 2