The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/78299 - |
Information
Published : 2012-08-23 10:32
Updated : 2024-11-21 00:58
NVD link : CVE-2008-7312
Mitre link : CVE-2008-7312
CVE.ORG link : CVE-2008-7312
JSON object : View
Products Affected
websense
- enterprise
CWE
CWE-20
Improper Input Validation