Details of VAR-201404-0465

ID

VAR-201404-0465

CVE

CVE-2014-0347

TITLE

Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability

Trust: 0.8

sources: CERT/CC: VU#568252

DESCRIPTION

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component. Websense Provided by TRITON Unified Security Center Contains an information disclosure vulnerability. CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.htmlA user who has some account of the product may obtain the authentication information of other users. are all products of American Websense. A remote attacker can exploit this vulnerability to read plaintext passwords by replacing type='password'

Trust: 2.7

sources: NVD: CVE-2014-0347 // CERT/CC: VU#568252 // JVNDB: JVNDB-2014-001919 // BID: 66687 // VULHUB: VHN-67840

AFFECTED PRODUCTS

vendor:	websense	model:	triton unified security center	scope:	eq	version:	7.7.3	Trust: 1.6
vendor:	websense	model:	triton web security gateway anywhere	scope:	eq	version:	7.7.3	Trust: 1.6
vendor:	websense	model:	triton web security gateway	scope:	eq	version:	7.7.3	Trust: 1.6
vendor:	websense	model:	triton web filter	scope:	eq	version:	7.7.3	Trust: 1.6
vendor:	websense	model:	triton web security	scope:	eq	version:	7.7.3	Trust: 1.6
vendor:	websense	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	web sense	model:	triton unified security center	scope:	lt	version:	7.7.3 hotfix 31 earlier	Trust: 0.8
vendor:	web sense	model:	websense web filter	scope:	lt	version:	7.7.3 hotfix 31 earlier	Trust: 0.8
vendor:	web sense	model:	websense web security	scope:	lt	version:	7.7.3 hotfix 31 earlier	Trust: 0.8
vendor:	web sense	model:	websense web security gateway	scope:	lt	version:	7.7.3 hotfix 31 earlier	Trust: 0.8
vendor:	web sense	model:	websense web security gateway anywhere	scope:	lt	version:	7.7.3 hotfix 31 earlier	Trust: 0.8

sources: CERT/CC: VU#568252 // JVNDB: JVNDB-2014-001919 // CNNVD: CNNVD-201404-167 // NVD: CVE-2014-0347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0347
value:	LOW
Trust: 1.0
NVD:	CVE-2014-0347
value:	LOW
Trust: 0.8
IPA:	JVNDB-2014-001919
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201404-167
value:	LOW
Trust: 0.6
VULHUB:	VHN-67840
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2014-0347
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2014-0347
severity:	LOW
baseScore:	3.5
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2014-001919
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-67840
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#568252 // VULHUB: VHN-67840 // JVNDB: JVNDB-2014-001919 // CNNVD: CNNVD-201404-167 // NVD: CVE-2014-0347

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.1
problemtype:	CWE-200	Trust: 0.8

sources: VULHUB: VHN-67840 // JVNDB: JVNDB-2014-001919 // NVD: CVE-2014-0347

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-167

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201404-167

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001919

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#568252

PATCH

title:	Websense V7.7.3 HF31 Manager Password Vulnerability issue (要ログイン)	url:	https://www.websense.com/content/Registration.aspx?task=signin&patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0	Trust: 0.8
title:	Web Security Gateway Anywhere	url:	http://www.websense.com/content/web-security-gateway-anywhere-features.aspx	Trust: 0.8

sources: JVNDB: JVNDB-2014-001919

EXTERNAL IDS

db:	CERT/CC	id:	VU#568252	Trust: 3.3
db:	NVD	id:	CVE-2014-0347	Trust: 2.8
db:	JVN	id:	JVNVU93154457	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001919	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-167	Trust: 0.7
db:	BID	id:	66687	Trust: 0.4
db:	SEEBUG	id:	SSVID-62088	Trust: 0.1
db:	VULHUB	id:	VHN-67840	Trust: 0.1

sources: CERT/CC: VU#568252 // VULHUB: VHN-67840 // BID: 66687 // JVNDB: JVNDB-2014-001919 // CNNVD: CNNVD-201404-167 // NVD: CVE-2014-0347

REFERENCES

url:	https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0	Trust: 3.2
url:	http://www.kb.cert.org/vuls/id/568252	Trust: 2.5
url:	https://www.websense.com/content/web-security-gateway-anywhere-features.aspx	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/200.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0347	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93154457/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0347	Trust: 0.8
url:	http://www.websense.com	Trust: 0.3
url:	https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0	Trust: 0.1

sources: CERT/CC: VU#568252 // VULHUB: VHN-67840 // BID: 66687 // JVNDB: JVNDB-2014-001919 // CNNVD: CNNVD-201404-167 // NVD: CVE-2014-0347

CREDITS

Patrick Kelley of Critical Assets

Trust: 0.3

sources: BID: 66687

SOURCES

db:	CERT/CC	id:	VU#568252
db:	VULHUB	id:	VHN-67840
db:	BID	id:	66687
db:	JVNDB	id:	JVNDB-2014-001919
db:	CNNVD	id:	CNNVD-201404-167
db:	NVD	id:	CVE-2014-0347

LAST UPDATE DATE

2025-04-13T23:39:11.120000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#568252	date:	2014-04-07T00:00:00
db:	VULHUB	id:	VHN-67840	date:	2014-04-14T00:00:00
db:	BID	id:	66687	date:	2014-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001919	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-167	date:	2014-04-16T00:00:00
db:	NVD	id:	CVE-2014-0347	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#568252	date:	2014-04-07T00:00:00
db:	VULHUB	id:	VHN-67840	date:	2014-04-12T00:00:00
db:	BID	id:	66687	date:	2014-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001919	date:	2014-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201404-167	date:	2014-04-16T00:00:00
db:	NVD	id:	CVE-2014-0347	date:	2014-04-12T04:37:31.377