CVE-2010-5148
https://notcve.org/view.php?id=CVE-2010-5148
Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Websense Web Security y Web Filter anteriores a v7.1 Hotfix 21 no fija el "flag" secure para la cookie de sesión Encrypted Session (SSL) en una sesión https, lo que facilita a atacantes remotos la captura de esta cookie interceptándola cuando se transmite dentro de una sesión http. • http://www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx http://www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/78342 •
CVE-2010-5146
https://notcve.org/view.php?id=CVE-2010-5146
The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files. El componente Remote Filtering en Websense Web Security y Web Filter v7.1 anterior a Hotfix 66 permite a usuarios locales eludir el filtrado por (1) el renombrado de WDC.exe o (2) borrar los ficheros del controlador. • http://www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx http://www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/78344 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-5145
https://notcve.org/view.php?id=CVE-2010-5145
The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI. El Servicio de Filtrado de Websense Web Security y Web Filter v6.3.1 anterior a Hotfix 136 y v7.x en Windows anterior a v7.1.1 permite a atacantes remotos provocar una denegación de servicio (corte del filtrado) a través de una secuencia manipulada de los caracteres de una URI. • http://www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx http://www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/78345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-5120
https://notcve.org/view.php?id=CVE-2009-5120
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port. La configuración por defecto de Apache Tomcat en Websense Manager en Websense Web Security v7.0 y Web Filter v7.0 permite conexiones con el puerto TCP 1812 de cualquier dirección IP de origen, lo que facilita a los atacantes remotos realizar ataques cross-site scripting (XSS) a través de texto UTF-7 a la página de error 404 de un servicio Proyect Woodstock en este puerto. • http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vulnerabilities-1258048503850 • CWE-16: Configuration •