vulnerability note 11339

Websense Web Security, Filter: command execution via Investigative Reports

Synthesis of the vulnerability

An unauthenticated attacker can connect to the Investigative Reports interface of Websense Web Security/Filter, in order to execute administrative commands.

Severity: 3/4. Creation date: 02/02/2012.

Impacted products

• Websense Web Filter
• Websense Web Security

Description of the vulnerability

The Investigative Reports web page can be used by the administrator to analyze filtering activities of Websense products. An unauthenticated attacker can connect to the Investigative Reports interface of Websense Web Security/Filter, in order to execute administrative commands. Technical details are unknown.

Share this bulletin

Complete Vigil@nce bulletin

Websense Web Security, Filter: command execution via Investigative Reports

Characteristics

Title: Websense Web Security, Filter: command execution via Investigative Reports. Keywords: Filter Investigative Reports Security Web Websense command execution. Identifiers: VIGILANCE-VUL-11339.

Information sources

Publications and announces Source example: January 2012 Hotfix Summary - Websense Web Filtering

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

Vigil@nce provides networks vulnerabilities alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.