Websense TRITON 7.8 Multiple Vulnerabilities

medium Nessus Plugin ID 83739

Synopsis

The remote web server hosts an information security application with multiple vulnerabilities.

Description

The remote host is running Websense TRITON version 7.8.2 through 7.8.4. It is, therefore, potentially affected by multiple vulnerabilities :

- Multiple cross-site scripting vulnerabilities exist in the Investigative Reports due to a failure to properly validate the input to the 'ReportName' parameter to the Explorer report scheduler and the input to the 'col' parameter to the Names and Anonymous summary report pages. A remote attacker can exploit these vulnerabilities to inject arbitrary script or HTML in the user's browser session. (CVE-2014-9711)

- A stored cross-site scripting flaw exists due to a failure to validate input to the sender address field from an email when viewing audit log details. Websense TRITON is affected only if the Email Security component is installed. (CVE-2015-2702)

- Multiple cross-site scripting vulnerabilities exist due to a failure to validate the input to the 'ws-encdata' parameter of the 'moreBlockInfo.cgi' script in the Data Security block page and the input to the 'admin_msg' parameter to the 'client-cert-import_wsoem.html' in the Content Gateway. A remote attacker can exploit these vulnerabilities to inject arbitrary script or HTML in the user's browser session. Websense TRITON is affected only if the Web Security component is installed.
(CVE-2015-2703)

- A command injection flaw exists due to a failure to validate the 'Destination' parameter of the CommandLineServlet of the Appliance Manager interface.
An authenticated attacker can submit a specially crafted request to the servlet resulting in arbitrary commands being run as the root user on any V-Series appliances being managed by Websense TRITON. Note that the commands are executed on the appliance only and not the server that Websense TRITON is running on. (CVE-2015-2746)

- Websense TRITON does not properly restrict access to files in the 'explorer_wse/' path. A remote attacker, by using a direct request to a Web Security incident report or the Explorer configuration (websense.ini) file, can thereby gain access to sensitive information. Websense TRITON is affected only if the Web Security component is installed. (CVE-2015-2748)

Solution

Some hotfixes have been released to address individual issues;
however, only updating to 8.0 resolves all the issues listed.

See Also

http://www.nessus.org/u?3bff864f

http://www.nessus.org/u?1605810b

http://www.nessus.org/u?f5915409

http://www.nessus.org/u?b4f2a526

http://www.nessus.org/u?35904cd7

http://www.nessus.org/u?d81ea8fc

http://www.nessus.org/u?c46d757d

Plugin Details

Severity: Medium

ID: 83739

File Name: websense_triton_usc_8.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 5/21/2015

Updated: 8/6/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:websense:triton_ap_data, cpe:/a:websense:triton_ap_email, cpe:/a:websense:triton_ap_web, cpe:/a:websense:triton_unified_security_center

Required KB Items: installed_sw/Websense TRITON, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/8/2015

Vulnerability Publication Date: 9/1/2014

Reference Information

CVE: CVE-2014-9711, CVE-2015-2702, CVE-2015-2703, CVE-2015-2746, CVE-2015-2748

BID: 73233, 73236, 73240, 73241, 73242, 73243, 73345