Vulnerability Description
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Websense | Websense Web Filter | 7.0 |
| Websense | Websense Web Security | 7.0 |
Related Weaknesses (CWE)
References
- http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vuVendor Advisory
- http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vuVendor Advisory
FAQ
What is CVE-2009-5119?
CVE-2009-5119 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers t...
How severe is CVE-2009-5119?
CVE-2009-5119 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-5119?
Check the references section above for vendor advisories and patch information. Affected products include: Websense Websense Web Filter, Websense Websense Web Security.