The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of AP-WEB

computer vulnerability bulletin CVE-2014-3566 CVE-2014-6271 CVE-2014-9711

Websense TRITON AP-WEB: nine vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Websense TRITON AP-WEB.
Impacted products: TRITON AP-WEB, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 19/03/2015.
Identifiers: APP-3494, CVE-2014-3566, CVE-2014-6271, CVE-2014-9711, CVE-2015-2703, CVE-2015-2746, CVE-2015-2748, CVE-2015-2761, CVE-2015-2762, DSS-7910, EI-2301, EI-2465, EI-2529, EI-2970, VIGILANCE-VUL-16418, WCG-2132, WCG-2301, WCG-2347, WCG-2589, WSE-3881, WSE-4219, WSE-4308, WSE-4322, WSE 4544, WSE-4723, WSE-5122.

Description of the vulnerability

Several vulnerabilities were announced in Websense TRITON AP-WEB.

An attacker can trigger a Cross Site Scripting in TRITON UI Exceptions and Scanning Exceptions, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-2761, WSE-5122]

An attacker can enumerate Windows Domain users. [severity:2/4; CVE-2015-2762, WCG-2589]

An attacker, positioned as a man-in-the-middle, can decrypt an SSL 3.0 session, in order to obtain sensitive information (VIGILANCE-VUL-15485). [severity:2/4; CVE-2014-3566, DSS-7910, EI-2301, EI-2970, WCG-2301, WCG-2347, WSE 4544, WSE-4723]

An attacker can trigger a Cross Site Scripting in Content Gateway Error Messages, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-9711, CVE-2015-2703, EI-2465, EI-2529, WCG-2132]

An attacker can access Apache directories, in order to obtain sensitive information. [severity:2/4; CVE-2015-2748, WSE-4322]

An attacker can trigger a Cross Site Scripting in Block Pages, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-9711, CVE-2015-2703, WSE-4308]

An attacker can trigger a Cross Site Scripting in Job Queue, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-9711, CVE-2015-2703, WSE-3881]

An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code (VIGILANCE-VUL-15399). [severity:3/4; CVE-2014-6271, WSE-4219]

An attacker can trigger a Cross Site Request Forgery in V-Series Appliances, in order to force the victim to perform operations. [severity:2/4; APP-3494, CVE-2015-2746]