Lucene search

[email protected]CVE-2010-5148

HistoryAug 23, 2012 - 10:32 a.m.

CVE-2010-5148

2012-08-2310:32:14

[email protected]

web.nvd.nist.gov

websense

web security

web filter

ssl

vulnerability

cve-2010-5148

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected configurations

NVD

Node

websensewebsense_web_filterRange≤7.0

websensewebsense_web_securityRange≤7.0

CPENameOperatorVersion
websense:websense_web_filterwebsense websense web filterle7.0
websense:websense_web_securitywebsense websense web securityle7.0

CPE	Name	Operator	Version
websense:websense_web_filter	websense websense web filter	le	7.0
websense:websense_web_security	websense websense web security	le	7.0

References

www.websense.com/content/support/library/web/v711/ws711_known_issues/first.aspx

www.websense.com/content/support/library/web/v711/ws711_known_issues/ws711_known_issues.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/78342

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2010-5148

cvelist1 prion1 nvd1