CVE-2010-5144

Published: Aug 23, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.

Affected (9)

Products: Websense: Websense, Websense Web Security, Websense Web Filter

3 products

Websense Web Security

Websense Web Filter

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Websense Websense	Up to 6.3.3
Websense Websense	Version 6.3.0
Websense Websense	Version 6.3.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Websense Websense Web Security	Version 6.3.0
Websense Websense Web Security	Version 6.3.1
Websense Websense Web Security	Version 6.3.3

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Websense Websense Web Filter	Up to 6.3.3
Websense Websense Web Filter	Version 6.3.0
Websense Websense Web Filter	Version 6.3.1

Related CWEs

References (6)

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html

Source: cve@mitre.org

Exploit

http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html

Source: cve@mitre.org

Exploit

http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations

Source: cve@mitre.org

Vendor Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://mrhinkydink.blogspot.com/2010/05/websense-633-via-bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.websense.com/support/article/t-kbarticle/Web-Security-Vulnerability-Microsoft-ISA-Server-Integrations

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.