Vigil@nce - Websense Web Security, Filter: bypassing filtering with Microsoft ISA Server
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When Websense Web Security and Filter is installed with Microsoft
ISA Server, an attacker can use an HTTP "Via:" header, in order to
bypass filtering rules.
Impacted products: Websense Web Filter, Websense Web Security
Severity: 2/4
Creation date: 24/08/2012
DESCRIPTION OF THE VULNERABILITY
When Websense Web Security and Filter is installed with Microsoft
ISA Server, an attacker can use an HTTP "Via:" header, in order to
bypass filtering rules.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN