Synopsis
The remote web server hosts an information security application with multiple vulnerabilities.
Description
The remote host is running Websense TRITON version 7.8.2 through 7.8.4. It is, therefore, potentially affected by multiple vulnerabilities :
- Multiple cross-site scripting vulnerabilities exist in the Investigative Reports due to a failure to properly validate the input to the 'ReportName' parameter to the Explorer report scheduler and the input to the 'col' parameter to the Names and Anonymous summary report pages. A remote attacker can exploit these vulnerabilities to inject arbitrary script or HTML in the user's browser session. (CVE-2014-9711)
- A stored cross-site scripting flaw exists due to a failure to validate input to the sender address field from an email when viewing audit log details. Websense TRITON is affected only if the Email Security component is installed. (CVE-2015-2702)
- Multiple cross-site scripting vulnerabilities exist due to a failure to validate the input to the 'ws-encdata' parameter of the 'moreBlockInfo.cgi' script in the Data Security block page and the input to the 'admin_msg' parameter to the 'client-cert-import_wsoem.html' in the Content Gateway. A remote attacker can exploit these vulnerabilities to inject arbitrary script or HTML in the user's browser session. Websense TRITON is affected only if the Web Security component is installed.
(CVE-2015-2703)
- A command injection flaw exists due to a failure to validate the 'Destination' parameter of the CommandLineServlet of the Appliance Manager interface.
An authenticated attacker can submit a specially crafted request to the servlet resulting in arbitrary commands being run as the root user on any V-Series appliances being managed by Websense TRITON. Note that the commands are executed on the appliance only and not the server that Websense TRITON is running on. (CVE-2015-2746)
- Websense TRITON does not properly restrict access to files in the 'explorer_wse/' path. A remote attacker, by using a direct request to a Web Security incident report or the Explorer configuration (websense.ini) file, can thereby gain access to sensitive information. Websense TRITON is affected only if the Web Security component is installed. (CVE-2015-2748)
Solution
Some hotfixes have been released to address individual issues;
however, only updating to 8.0 resolves all the issues listed.
Plugin Details
File Name: websense_triton_usc_8.nasl
Agent: windows
Configuration: Enable paranoid mode
Supported Sensors: Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:websense:triton_ap_data, cpe:/a:websense:triton_ap_email, cpe:/a:websense:triton_ap_web, cpe:/a:websense:triton_unified_security_center
Required KB Items: installed_sw/Websense TRITON, Settings/ParanoidReport
Exploit Ease: Exploits are available
Patch Publication Date: 4/8/2015
Vulnerability Publication Date: 9/1/2014
Reference Information
CVE: CVE-2014-9711, CVE-2015-2702, CVE-2015-2703, CVE-2015-2746, CVE-2015-2748
BID: 73233, 73236, 73240, 73241, 73242, 73243, 73345