CVE-2010-5144

EUVD-2010-5103
The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
websensewebsense
𝑥
≤ 6.3.3
websensewebsense
6.3.0
websensewebsense
6.3.1
websensewebsense_web_security
6.3.0
websensewebsense_web_security
6.3.1
websensewebsense_web_security
6.3.3
websensewebsense_web_filter
𝑥
≤ 6.3.3
websensewebsense_web_filter
6.3.0
websensewebsense_web_filter
6.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html
http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html
http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations