Vulnerability Details CVE-2010-5144
The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.0%
CVSS Severity
CVSS v2 Score 4.3
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
- http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html
- http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
- http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html
- http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations
Products affected by CVE-2010-5144
-
cpe:2.3:a:websense:websense:6.3.0
-
cpe:2.3:a:websense:websense:6.3.1
-
cpe:2.3:a:websense:websense:6.3.3
-
cpe:2.3:a:websense:websense_web_filter:6.3.0
-
cpe:2.3:a:websense:websense_web_filter:6.3.1
-
cpe:2.3:a:websense:websense_web_filter:6.3.2
-
cpe:2.3:a:websense:websense_web_filter:6.3.3
-
cpe:2.3:a:websense:websense_web_security:6.3.0
-
cpe:2.3:a:websense:websense_web_security:6.3.1
-
cpe:2.3:a:websense:websense_web_security:6.3.3