 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.106003 |
| Categoría: | Web application abuses |
| Título: | Websense Triton File Disclosure Vulnerability |
| Resumen: | Websense Triton is vulnerable to a file disclosure;vulnerability. |
| Descripción: | Summary: Websense Triton is vulnerable to a file disclosure vulnerability. Vulnerability Insight: The Apache server of Websense Data Security has mapped the explorer_wse path to a folder used by Websense for storing generated reports. No access control is enforced on this folder. Files stored in the folder are accessible to unauthenticated user. Vulnerability Impact: An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files. Affected Software/OS: Websense Triton v7.8.3 and v7.7 Solution: Update to version 8.0 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2748 Bugtraq: 20150318 Missing access control on Websense Explorer web folder (Google Search) http://www.securityfocus.com/archive/1/534913/100/0/threaded http://seclists.org/fulldisclosure/2015/Mar/107 http://packetstormsecurity.com/files/130901/Websense-Explorer-Missing-Access-Control.html https://www.securify.nl/advisory/SFY20140909/missing_access_control_on_websense_explorer_web_folder.html |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |