The advisory describes a filter bypass vulnerability in Websense Proxy that allows authenticated users to bypass URL restrictions by sending a malformed HTTP request with a crafted GET payload. The exploit uses the malformed request structure to fetch unauthorized sites while a different URL is logged.
Classification
Writeup 90%
Target:
Websense Proxy (all versions, no patch available)
Auth required
Prerequisites:
Authenticated access to the Websense Proxy · Remote webserver accepting malformed GET requests with Content-Length