Websense TRITON 7.8 Source Code Disclosure

medium Nessus Plugin ID 83741

Synopsis

The application on the remote web server is affected by a source code disclosure vulnerability.

Description

The version of Websense TRITON running on the remote web server contains a flaw in handling a JSP script request having an appended double quote character. This causes the source code of the script to be returned instead of it being executed. An unauthenticated, remote attacker can exploit this flaw to view the source code of the application, allowing further attacks to be carried out.
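A log-review check for the request pattern described above, added here as an example; it is not part of the Nessus plugin or of Websense code. It assumes a combined-style access log and that the double quote (raw, `%22`, or double-encoded) directly follows the `.jsp` extension in the request path. The sample lines, addresses and paths are constructed.

```python
import re
from urllib.parse import unquote

# Assumed log layout: combined-style access log (client, timestamp, request, status).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
# Path ends in .jsp followed by a double quote (optionally backslash-escaped by the logger).
QUOTED_JSP_RE = re.compile(r'\.jsp\\?"$', re.IGNORECASE)


def decode_path(target: str) -> str:
    """Drop the query string and percent-decode twice to catch %22 and %2522."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path


def find_quoted_jsp_requests(lines):
    """Return (client, path, status, verdict) for each JSP request with a trailing quote."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = decode_path(m["target"])
        if QUOTED_JSP_RE.search(path):
            # A 200 means the server answered the malformed request: review the response size.
            verdict = "served" if m["status"] == "200" else "attempt"
            hits.append((m["client"], path, int(m["status"]), verdict))
    return hits


# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jun/2015:10:00:00 +0000] "GET /app/login.jsp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jun/2015:10:00:05 +0000] "GET /app/login.jsp%22 HTTP/1.1" 200 18230',
    '198.51.100.7 - - [01/Jun/2015:10:00:09 +0000] "GET /app/admin.JSP%2522?x=1 HTTP/1.1" 404 310',
    '203.0.113.4 - - [01/Jun/2015:10:01:00 +0000] "GET /app/view.jsp\\" HTTP/1.1" 200 9001',
    '203.0.113.4 - - [01/Jun/2015:10:01:30 +0000] "GET /search?q=%22a.jsp%22 HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for hit in find_quoted_jsp_requests(SAMPLE):
        print(hit)
```

Hits marked `served` on a host running a version earlier than the fixed releases listed under Solution are the ones to prioritise for review.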

Solution

Update to version 7.8.4 Hotfix 02 or 8.0.0.

See Also

http://www.nessus.org/u?81de34db

http://www.nessus.org/u?c46d757d

Plugin Details

Severity: Medium

ID: 83741

File Name: websense_triton_usc_src_disclosure.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 5/21/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:websense:triton_unified_security_center

Required KB Items: installed_sw/Websense TRITON

Exploit Ease: No known exploits are available

Patch Publication Date: 4/8/2015

Vulnerability Publication Date: 9/1/2014

Reference Information

BID: 73236