Description
The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.
References (1)
Core References
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522530
Scores
EPSS: 0.0134
EPSS Percentile: 67.8%
Details
CWE: CWE-287
Status: published
Products (10)
websense/websense_web_security 6.3.0
websense/websense_web_security 6.3.1
websense/websense_web_security 6.3.2
websense/websense_web_security 6.3.3
websense/websense_web_security 7.0
websense/websense_web_security 7.1
websense/websense_web_security 7.1.1
websense/websense_web_security 7.5
websense/websense_web_security 7.5.1
websense/websense_web_security < 7.6
Published: Aug 23, 2012
Tracked Since: Feb 18, 2026