CVE-2010-5144
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
23/08/2012
Last modified:
11/04/2025
Description
The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:websense:websense:*:-:enterprise:*:*:*:*:* | 6.3.3 (including) | |
| cpe:2.3:a:websense:websense:6.3.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:websense:websense:6.3.1:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:websense:websense_web_security:6.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:websense:websense_web_security:6.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:websense:websense_web_security:6.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:websense:websense_web_filter:*:*:*:*:*:*:*:* | 6.3.3 (including) | |
| cpe:2.3:a:websense:websense_web_filter:6.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:websense:websense_web_filter:6.3.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
- http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html
- http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
- http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html
- http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations