Sign-up

ID

VAR-201503-0416


CVE

CVE-2014-9711


TITLE

plural Websense Cross-site scripting vulnerability in product research reports

Trust: 0.8

sources: JVNDB: JVNDB-2015-001938

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. TRITON AP-WEB provides real-time protection against advanced threats and data theft for local and remote users; Web Security and Filter (Web security and filtering) prevents network attacks and reduces malware infections. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. ------------------------------------------------------------------------ Multiple Cross-Site Scripting vulnerabilities in Websense Reporting ------------------------------------------------------------------------ Han Sahin, September 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It has been found that Websense Reporting is affected by multiple Cross-Site Scripting issues. Cross-Site Scripting allows an attacker to perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was discovered on Websense Triton v7.8.3 and Websense appliance modules V-Series v7.7. Other versions may be affected as well. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Websense released hotfix 02 for Websense Triton v7.8.4 in which this issue is fixed. More information about this hotfix can be found at the following location: http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-02-for-Web-Security-Solutions This issue is resolved in TRITON APX Version 8.0. More information about the fixed can be found at the following location: http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html One example of a vulnerable request parameter is the col. Its value is copied into the value of an HTML tag attribute; encapsulated in double quotation marks. The value echoed unmodified (without output encoding) in the application's response. This vulnerability can be reproduced using the following steps: - login into Admin GUI; - open the proof of concept below; - hover over 'Risk Class' in left corner. https://<target>:9443/explorer_wse/explorer_anon.exe?col=a86de%27onmouseover%3d%27alert%28document.cookie%29%27de90f&delAdmin=0&startDate=2014-07-31&endDate=2014-08-01 An attacker must trick victims into opening the attacker's specially crafted link. This is for example possible by sending a victim a link in an email or instant message. Once a victim opens the specially crafted link, arbitrary client-side scripting code will be executed in the victim's browser. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes

Trust: 1.8

sources: NVD: CVE-2014-9711 // JVNDB: JVNDB-2015-001938 // VULHUB: VHN-77656 // PACKETSTORM: 130905

AFFECTED PRODUCTS

vendor:websensemodel:triton web securityscope:lteversion:7.8.3

Trust: 1.0

vendor:websensemodel:triton web filterscope:lteversion:7.8.3

Trust: 1.0

vendor:websensemodel:triton web security gateway anywherescope:lteversion:7.8.3

Trust: 1.0

vendor:websensemodel:triton ap webscope:lteversion:7.8.3

Trust: 1.0

vendor:websensemodel:triton web security gatewayscope:lteversion:7.8.3

Trust: 1.0

vendor:web sensemodel:websense triton ap-webscope:ltversion:8.0.0

Trust: 0.8

vendor:web sensemodel:websense web filterscope:ltversion:7.8.3 thats all 7.8.3 hotfix 02

Trust: 0.8

vendor:web sensemodel:websense web filterscope:ltversion:7.8.4 thats all 7.8.4 hotfix 01

Trust: 0.8

vendor:web sensemodel:websense web securityscope:ltversion:7.8.3 thats all 7.8.3 hotfix 02

Trust: 0.8

vendor:web sensemodel:websense web securityscope:ltversion:7.8.4 thats all 7.8.4 hotfix 01

Trust: 0.8

vendor:web sensemodel:websense web security gatewayscope:ltversion:7.8.3 thats all 7.8.3 hotfix 02

Trust: 0.8

vendor:web sensemodel:websense web security gatewayscope:ltversion:7.8.4 thats all 7.8.4 hotfix 01

Trust: 0.8

vendor:web sensemodel:websense web security gateway anywherescope:ltversion:7.8.3 thats all 7.8.3 hotfix 02

Trust: 0.8

vendor:web sensemodel:websense web security gateway anywherescope:ltversion:7.8.4 thats all 7.8.4 hotfix 01

Trust: 0.8

vendor:websensemodel:triton web filterscope:eqversion:7.8.3

Trust: 0.6

vendor:websensemodel:triton web securityscope:eqversion:7.8.3

Trust: 0.6

vendor:websensemodel:triton ap webscope:eqversion:7.8.3

Trust: 0.6

vendor:websensemodel:triton web security gateway anywherescope:eqversion:7.8.3

Trust: 0.6

vendor:websensemodel:triton web security gatewayscope:eqversion:7.8.3

Trust: 0.6

sources: JVNDB: JVNDB-2015-001938 // CNNVD: CNNVD-201503-557 // NVD: CVE-2014-9711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9711
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9711
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201503-557
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77656
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9711
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-77656
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-77656 // JVNDB: JVNDB-2015-001938 // CNNVD: CNNVD-201503-557 // NVD: CVE-2014-9711

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-77656 // JVNDB: JVNDB-2015-001938 // NVD: CVE-2014-9711

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-557

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 130905 // CNNVD: CNNVD-201503-557

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001938

PATCH
title:Vulnerabilities resolved in TRITON APX Version 8.0url:http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
Trust: 0.8
title:v7.8.3: About Hotfix 02 for Web Security Solutionsurl:http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions
Trust: 0.8
title:v7.8.4: About Hotfix 01 for Web Security Solutionsurl:http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001938

EXTERNAL IDS
db:NVDid:CVE-2014-9711
Trust: 2.5
db:PACKETSTORMid:130905
Trust: 1.8
db:PACKETSTORMid:130903
Trust: 1.7
db:JVNDBid:JVNDB-2015-001938
Trust: 0.8
db:CNNVDid:CNNVD-201503-557
Trust: 0.7
db:VULHUBid:VHN-77656
Trust: 0.1
sources:
            
            
            VULHUB: VHN-77656 // 
            
            
            
            JVNDB: JVNDB-2015-001938 // 
            
            
            
            PACKETSTORM: 130905 // 
            
            
            
            CNNVD: CNNVD-201503-557 // 
            
            
            
            NVD: CVE-2014-9711

REFERENCES
url:http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0
Trust: 1.8
url:https://www.securify.nl/advisory/sfy20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html
Trust: 1.8
url:http://www.websense.com/support/article/kbarticle/v7-8-3-about-hotfix-02-for-web-security-solutions
Trust: 1.7
url:http://www.websense.com/support/article/kbarticle/v7-8-4-about-hotfix-01-for-web-security-solutions
Trust: 1.7
url:http://seclists.org/fulldisclosure/2015/mar/109
Trust: 1.7
url:http://seclists.org/fulldisclosure/2015/mar/110
Trust: 1.7
url:http://packetstormsecurity.com/files/130903/websense-explorer-report-scheduler-cross-site-scripting.html
Trust: 1.7
url:http://packetstormsecurity.com/files/130905/websense-reporting-cross-site-scripting.html
Trust: 1.7
url:https://www.securify.nl/advisory/sfy20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html
Trust: 1.7
url:http://www.securityfocus.com/archive/1/534917/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/534915/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9711
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9711
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/534917/100/0/threaded
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/534915/100/0/threaded
Trust: 0.6
url:http://www.websense.com/support/article/kbarticle/v7-8-4-about-hotfix-02-for-web-security-solutions
Trust: 0.1
url:https://<target>:9443/explorer_wse/explorer_anon.exe?col=a86de%27onmouseover%3d%27alert%28document.cookie%29%27de90f&deladmin=0&startdate=2014-07-31&enddate=2014-08-01
Trust: 0.1
sources:
            
            
            VULHUB: VHN-77656 // 
            
            
            
            JVNDB: JVNDB-2015-001938 // 
            
            
            
            PACKETSTORM: 130905 // 
            
            
            
            CNNVD: CNNVD-201503-557 // 
            
            
            
            NVD: CVE-2014-9711

CREDITS
Han Sahin
Trust: 0.1
sources:
            
            
            PACKETSTORM: 130905

SOURCES
db:VULHUBid:VHN-77656
db:JVNDBid:JVNDB-2015-001938
db:PACKETSTORMid:130905
db:CNNVDid:CNNVD-201503-557
db:NVDid:CVE-2014-9711

LAST UPDATE DATE
2025-04-13T23:22:29.091000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-77656date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2015-001938date:2015-03-27T00:00:00
db:CNNVDid:CNNVD-201503-557date:2015-03-26T00:00:00
db:NVDid:CVE-2014-9711date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-77656date:2015-03-25T00:00:00
db:JVNDBid:JVNDB-2015-001938date:2015-03-27T00:00:00
db:PACKETSTORMid:130905date:2015-03-19T05:43:17
db:CNNVDid:CNNVD-201503-557date:2015-03-26T00:00:00
db:NVDid:CVE-2014-9711date:2015-03-25T14:59:00.063