Vulnerability Details CVE-2010-5144
The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
- http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html
- http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
- http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html
- http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations
Products affected by CVE-2010-5144
-
cpe:2.3:a:websense:websense:6.3.0
-
cpe:2.3:a:websense:websense:6.3.1
-
cpe:2.3:a:websense:websense:6.3.3
-
cpe:2.3:a:websense:websense_web_filter:6.3.0
-
cpe:2.3:a:websense:websense_web_filter:6.3.1
-
cpe:2.3:a:websense:websense_web_filter:6.3.2
-
cpe:2.3:a:websense:websense_web_filter:6.3.3
-
cpe:2.3:a:websense:websense_web_security:6.3.0
-
cpe:2.3:a:websense:websense_web_security:6.3.1
-
cpe:2.3:a:websense:websense_web_security:6.3.3