Details of VAR-201508-0024

ID

VAR-201508-0024

CVE

CVE-2015-5718

TITLE

Websense Content Gateway of Manager of handle_debug_network Stack-based buffer overflow vulnerability in functions

Trust: 0.8

sources: JVNDB: JVNDB-2015-004045

DESCRIPTION

Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi. Websense Content Gateway is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. Websense Content Gateway is a set of Web proxy platform of American Websense company. The platform provides features such as real-time content scanning and Web site classification

Trust: 1.98

sources: NVD: CVE-2015-5718 // JVNDB: JVNDB-2015-004045 // BID: 75160 // VULHUB: VHN-83679

AFFECTED PRODUCTS

vendor:	websense	model:	content gateway	scope:	eq	version:	8.0.0	Trust: 1.6
vendor:	web sense	model:	websense content gateway	scope:	lt	version:	8.0.0 hf02	Trust: 0.8
vendor:	websense	model:	content gateway build	scope:	eq	version:	8.01165	Trust: 0.3
vendor:	websense	model:	content gateway hf02	scope:	ne	version:	8.0	Trust: 0.3

sources: BID: 75160 // JVNDB: JVNDB-2015-004045 // CNNVD: CNNVD-201508-099 // NVD: CVE-2015-5718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5718
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5718
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201508-099
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83679
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5718
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-83679
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83679 // JVNDB: JVNDB-2015-004045 // CNNVD: CNNVD-201508-099 // NVD: CVE-2015-5718

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-83679 // JVNDB: JVNDB-2015-004045 // NVD: CVE-2015-5718

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-099

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201508-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004045

PATCH

title:

v8.0.0: About Hotfix 02 for Websense Content Gateway

url:

http://www.websense.com/support/article/kbarticle/v8-0-0-About-Hotfix-02-for-Websense-Content-Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2015-004045

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5718	Trust: 2.8
db:	PACKETSTORM	id:	132968	Trust: 1.1
db:	SECTRACK	id:	1033263	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004045	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-099	Trust: 0.7
db:	BID	id:	75160	Trust: 0.4
db:	VULHUB	id:	VHN-83679	Trust: 0.1

sources: VULHUB: VHN-83679 // BID: 75160 // JVNDB: JVNDB-2015-004045 // CNNVD: CNNVD-201508-099 // NVD: CVE-2015-5718

REFERENCES

url:	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_websense_content_gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2015/aug/8	Trust: 2.0
url:	http://www.websense.com/support/article/kbarticle/v8-0-0-about-hotfix-02-for-websense-content-gateway	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/536138/100/0/threaded	Trust: 1.1
url:	http://packetstormsecurity.com/files/132968/websense-triton-content-manager-8.0.0-build-1165-buffer-overflow.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1033263	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5718	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5718	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/536138/100/0/threaded	Trust: 0.6
url:	https://www.websense.com/content/home.aspx	Trust: 0.3
url:	http://www.websense.com	Trust: 0.3

sources: VULHUB: VHN-83679 // BID: 75160 // JVNDB: JVNDB-2015-004045 // CNNVD: CNNVD-201508-099 // NVD: CVE-2015-5718

CREDITS

SEC Consult Vulnerability Lab

Trust: 0.3

sources: BID: 75160

SOURCES

db:	VULHUB	id:	VHN-83679
db:	BID	id:	75160
db:	JVNDB	id:	JVNDB-2015-004045
db:	CNNVD	id:	CNNVD-201508-099
db:	NVD	id:	CVE-2015-5718

LAST UPDATE DATE

2025-04-13T23:29:33.122000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83679	date:	2018-10-09T00:00:00
db:	BID	id:	75160	date:	2015-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-004045	date:	2015-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201508-099	date:	2015-08-13T00:00:00
db:	NVD	id:	CVE-2015-5718	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83679	date:	2015-08-12T00:00:00
db:	BID	id:	75160	date:	2015-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-004045	date:	2015-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201508-099	date:	2015-08-13T00:00:00
db:	NVD	id:	CVE-2015-5718	date:	2015-08-12T14:59:26.167