CVE-2008-7312

EPSS 0.16%
Veröffentlicht 23.08.2012 10:32:14
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Websense ≫ Enterprise Version5.2

Websense ≫ Enterprise Version5.5

Websense ≫ Enterprise Version6.1

Websense ≫ Enterprise Version6.2

Websense ≫ Enterprise Version6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.373

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/78299

https://nvd.nist.gov/vuln/detail/CVE-2008-7312

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-7312

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-7312

EUVD