Vulnerability Description
The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Websense | Websense | <= 6.3.3 |
| Websense | Websense Web Security | 6.3.0 |
| Websense | Websense Web Filter | <= 6.3.3 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.htmlExploit
- http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.htmlExploit
- http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-MVendor Advisory
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.htmlExploit
- http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.htmlExploit
- http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-MVendor Advisory
FAQ
What is CVE-2010-5144?
CVE-2010-5144 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allo...
How severe is CVE-2010-5144?
CVE-2010-5144 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-5144?
Check the references section above for vendor advisories and patch information. Affected products include: Websense Websense, Websense Websense Web Security, Websense Websense Web Filter.