Vigil@nce: Websense Email Security, two vulnerabilities

October 2009 by Vigil@nce

An attacker can trigger a Cross Site Scripting or a denial of service in Websense Email Security Web Administrator.

- Severity: 2/4
- Consequences: client access/rights, denial of service
- Provenance: intranet client
- Means of attack: 2 attacks
- Ability of attacker: beginner (1/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Number of vulnerabilities in this bulletin: 2
- Creation date: 21/10/2009

IMPACTED PRODUCTS

- Websense Email Security

DESCRIPTION OF THE VULNERABILITY

The Websense Email Security Web Administrator service (STEMWADM.EXE), which listens on port 8181/tcp, is impacted by two vulnerabilities.

An attacker can send an HTTP query, and then close the socket before receiving the answer, in order to stop the service. [grav:2/4; BID-36740, CVE-2009-3749, NSOADV-2009-002]

An attacker can trigger a Cross Site Scripting in the msgAnalyse.asp, msgForwardToRiskFilter.asp and viewHeaders.asp pages, or in the subject of an email. [grav:2/4; BID-36741, CVE-2009-3748, NSOADV-2009-003]

CHARACTERISTICS

- Identifiers: 670921, BID-36740, BID-36741, CVE-2009-3748, CVE-2009-3749, NSOADV-2009-002, NSOADV-2009-003, VIGILANCE-VUL-9109
- Url: http://vigilance.fr/vulnerability/W...



