CVE-2009-5120

Published: Aug 23, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.

Affected (2)

Products: Websense: Websense Web Filter, Websense Web Security

2 products

Websense Web Filter

Websense Web Security

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Websense Websense Web Filter	Version 7.0
Websense Websense Web Security	Version 7.0

Related CWEs

References (2)

http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vulnerabilities-1258048503850

Source: cve@mitre.org

Vendor Advisory

http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vulnerabilities-1258048503850

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.