Full Disclosure mailing list archives

By Date By Thread Command injection vulnerability in network diagnostics tool of Websense Appliance Manager From: "Securify B.V." <lists () securify nl>

Date: Wed, 18 Mar 2015 18:21:45 +0100

------------------------------------------------------------------------ Command injection vulnerability in network diagnostics tool of Websense Appliance Manager ------------------------------------------------------------------------ Han Sahin, September 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remote unauthenticated attacks to compromise the appliance. ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was discovered on Websense Triton v7.8.3 and Websense appliance modules V-Series v7.7. Other versions may be affected as well. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Websense released hotfix 02 for Websense Triton v7.8.4 in which this issue is fixed. More information about this hotfix can be found at the following location: http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-02-for-Web-Security-Solutions This issue is resolved in TRITON APX Version 8.0. More information about the fixed can be found at the following location: http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20140906/command_injection_vulnerability_in_network_diagnostics_tool_of_websense_appliance_manager.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: Command injection vulnerability in network diagnostics tool of Websense Appliance Manager Securify B.V. (Mar 18)