Websense Triton 7.7.3 < 7.7.3 Hotfix 31 Information Disclosure

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a web application that is affected by
an information disclosure vulnerability.

Description :

The remote application is running Websense Triton Unified Security
Center, a component of the commercial suite of web filtering products.

The remote instance of Websense Triton Unified Security Center fails
to sanitize user-supplied input data in the 'Log Database' and 'User
Directories' areas of the 'Settings' component. This error could allow
an authenticated attacker to obtain credential information belonging
to other users, possibly including users with higher privileges.

See also :

http://www.nessus.org/u?2cccef1f

Solution :

There are no known workarounds or upgrades to correct this issue.
Websense has released the following Hotfixes to address this
vulnerability :

- Web Security Gateway Anywhere v7.7.3 Hotfix 31
- Web Security Gateway v7.7.3 Hotfix 31
- Websense Web Security v7.7.3 Hotfix 31
- Websense Web Filter v7.7.3 Hotfix 31

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 73520

Bugtraq ID: 66687

CVE ID: CVE-2014-0347
