Lucene search

MitreCVE-2012-4604

HistoryAug 23, 2012 - 10:32 a.m.

CVE-2012-4604

2012-08-2310:32:15

CWE-287

mitre

web.nvd.nist.gov

cve-2012-4604

triton

websense

web security

authentication bypass

remote attackers

uid field

userroles field

favorites.exe

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.

Affected configurations

Nvd

Node

websensewebsense_web_securityRange≤7.6

websensewebsense_web_securityMatch6.3.0

websensewebsense_web_securityMatch6.3.1

websensewebsense_web_securityMatch6.3.2

websensewebsense_web_securityMatch6.3.3

websensewebsense_web_securityMatch7.0

websensewebsense_web_securityMatch7.1

websensewebsense_web_securityMatch7.1.1

websensewebsense_web_securityMatch7.5

websensewebsense_web_securityMatch7.5.1

VendorProductVersionCPE
websensewebsense_web_security*cpe:2.3:a:websense:websense_web_security:*:*:*:*:*:*:*:*
websensewebsense_web_security6.3.0cpe:2.3:a:websense:websense_web_security:6.3.0:*:*:*:*:*:*:*
websensewebsense_web_security6.3.1cpe:2.3:a:websense:websense_web_security:6.3.1:*:*:*:*:*:*:*
websensewebsense_web_security6.3.2cpe:2.3:a:websense:websense_web_security:6.3.2:*:*:*:*:*:*:*
websensewebsense_web_security6.3.3cpe:2.3:a:websense:websense_web_security:6.3.3:*:*:*:*:*:*:*
websensewebsense_web_security7.0cpe:2.3:a:websense:websense_web_security:7.0:*:*:*:*:*:*:*
websensewebsense_web_security7.1cpe:2.3:a:websense:websense_web_security:7.1:*:*:*:*:*:*:*
websensewebsense_web_security7.1.1cpe:2.3:a:websense:websense_web_security:7.1.1:*:*:*:*:*:*:*
websensewebsense_web_security7.5cpe:2.3:a:websense:websense_web_security:7.5:*:*:*:*:*:*:*
websensewebsense_web_security7.5.1cpe:2.3:a:websense:websense_web_security:7.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
websense	websense_web_security	*	cpe:2.3:a:websense:websense_web_security::::::::
websense	websense_web_security	6.3.0	cpe:2.3:a:websense:websense_web_security:6.3.0:::::::*
websense	websense_web_security	6.3.1	cpe:2.3:a:websense:websense_web_security:6.3.1:::::::*
websense	websense_web_security	6.3.2	cpe:2.3:a:websense:websense_web_security:6.3.2:::::::*
websense	websense_web_security	6.3.3	cpe:2.3:a:websense:websense_web_security:6.3.3:::::::*
websense	websense_web_security	7.0	cpe:2.3:a:websense:websense_web_security:7.0:::::::*
websense	websense_web_security	7.1	cpe:2.3:a:websense:websense_web_security:7.1:::::::*
websense	websense_web_security	7.1.1	cpe:2.3:a:websense:websense_web_security:7.1.1:::::::*
websense	websense_web_security	7.5	cpe:2.3:a:websense:websense_web_security:7.5:::::::*
websense	websense_web_security	7.5.1	cpe:2.3:a:websense:websense_web_security:7.5.1:::::::*

References

www.securityfocus.com/archive/1/522530

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

Related for CVE-2012-4604