Vulnerability Description
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Websense | Websense Web Filter | 7.0 |
| Websense | Websense Web Security | 7.0 |
Related Weaknesses (CWE)
References
- http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vuVendor Advisory
- http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vuVendor Advisory
FAQ
What is CVE-2009-5120?
CVE-2009-5120 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it ea...
How severe is CVE-2009-5120?
CVE-2009-5120 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-5120?
Check the references section above for vendor advisories and patch information. Affected products include: Websense Websense Web Filter, Websense Websense Web Security.