Vigil@nce - Websense Web Security, Filter 7.0: vulnerabilities of Tomcat configuration
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two vulnerabilities in the configuration of
the Apache Tomcat included in Websense Web Security and Filter, in
order to obtain information or to trigger a Cross Site Scripting.
Impacted products: Websense Web Filter, Websense Web Security
Severity: 2/4
Creation date: 24/08/2012
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in the configuration of the
Apache Tomcat included in Websense Web Security and Filter.
Weak SSL algorithms are allowed, so an attacker may decrypt a
session. [severity:1/4; CVE-2009-5119]
An attacker can connect to port 1812/tcp in order to trigger
a Cross Site Scripting via UTF-7. [severity:2/4; CVE-2009-5120]
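
For the weak SSL algorithms issue, an administrator can audit the cipher suites a Tomcat TLS connector permits. The script below is an added example, not part of the bulletin or of Websense's code. It assumes the standard Tomcat Connector attributes SSLEnabled and ciphers; the server.xml sample, its ports and the list of weak markers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Substrings marking a JSSE cipher suite as weak (assumed policy, not from the bulletin).
WEAK_MARKERS = ("_NULL_", "_EXPORT", "_anon_", "_DES_", "_DES40_", "_RC4_", "_RC2_", "_MD5")

# Constructed sample, not taken from a Websense installation.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
                        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA"/>
    <Connector port="9444" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""


def weak_suites(cipher_attr):
    """Return the suites in a comma-separated 'ciphers' value that match a weak marker."""
    suites = [s.strip() for s in cipher_attr.split(",") if s.strip()]
    return [s for s in suites if any(m.lower() in s.lower() for m in WEAK_MARKERS)]


def audit_connectors(server_xml):
    """Map each TLS connector port to its findings (empty list means no finding)."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no cipher list to check
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the JVM defaults apply and must be reviewed separately.
            findings[conn.get("port")] = ["<no explicit ciphers attribute>"]
        else:
            findings[conn.get("port")] = weak_suites(ciphers)
    return findings


if __name__ == "__main__":
    for port, issues in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not issues else issues)
```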