CVE-2009-5119

Published: Aug 23, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.

Affected (2)

Products: Websense: Websense Web Filter, Websense Web Security

2 products

Websense Web Filter

Websense Web Security

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Websense Websense Web Filter	Version 7.0
Websense Websense Web Security	Version 7.0

Related CWEs

References (2)

http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vulnerabilities-1258048503850

Source: cve@mitre.org

Vendor Advisory

http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vulnerabilities-1258048503850

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.