VAR-201508-0024
Vulnerability from variot - Updated: 2023-12-18 12:37Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi. Websense Content Gateway is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. Websense Content Gateway is a set of Web proxy platform of American Websense company. The platform provides features such as real-time content scanning and Web site classification
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0024",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "websense",
"version": "8.0.0"
},
{
"model": "websense content gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "web sense",
"version": "8.0.0 hf02"
},
{
"model": "content gateway build",
"scope": "eq",
"trust": 0.3,
"vendor": "websense",
"version": "8.01165"
},
{
"model": "content gateway hf02",
"scope": "ne",
"trust": 0.3,
"vendor": "websense",
"version": "8.0"
}
],
"sources": [
{
"db": "BID",
"id": "75160"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"db": "NVD",
"id": "CVE-2015-5718"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:websense:content_gateway:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5718"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SEC Consult Vulnerability Lab",
"sources": [
{
"db": "BID",
"id": "75160"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-5718",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-83679",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5718",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-099",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83679",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83679"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"db": "NVD",
"id": "CVE-2015-5718"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi. Websense Content Gateway is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. \nA remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. Websense Content Gateway is a set of Web proxy platform of American Websense company. The platform provides features such as real-time content scanning and Web site classification",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5718"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"db": "BID",
"id": "75160"
},
{
"db": "VULHUB",
"id": "VHN-83679"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5718",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "132968",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033263",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004045",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-099",
"trust": 0.7
},
{
"db": "BID",
"id": "75160",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-83679",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83679"
},
{
"db": "BID",
"id": "75160"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"db": "NVD",
"id": "CVE-2015-5718"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
]
},
"id": "VAR-201508-0024",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-83679"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:57.933000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "v8.0.0: About Hotfix 02 for Websense Content Gateway",
"trust": 0.8,
"url": "http://www.websense.com/support/article/kbarticle/v8-0-0-about-hotfix-02-for-websense-content-gateway"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83679"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"db": "NVD",
"id": "CVE-2015-5718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_websense_content_gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2015/aug/8"
},
{
"trust": 1.7,
"url": "http://www.websense.com/support/article/kbarticle/v8-0-0-about-hotfix-02-for-websense-content-gateway"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/536138/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/132968/websense-triton-content-manager-8.0.0-build-1165-buffer-overflow.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033263"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5718"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5718"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/536138/100/0/threaded"
},
{
"trust": 0.3,
"url": "https://www.websense.com/content/home.aspx"
},
{
"trust": 0.3,
"url": "http://www.websense.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83679"
},
{
"db": "BID",
"id": "75160"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"db": "NVD",
"id": "CVE-2015-5718"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-83679"
},
{
"db": "BID",
"id": "75160"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"db": "NVD",
"id": "CVE-2015-5718"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-83679"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "75160"
},
{
"date": "2015-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"date": "2015-08-12T14:59:26.167000",
"db": "NVD",
"id": "CVE-2015-5718"
},
{
"date": "2015-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-83679"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "75160"
},
{
"date": "2015-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004045"
},
{
"date": "2018-10-09T19:57:40.987000",
"db": "NVD",
"id": "CVE-2015-5718"
},
{
"date": "2015-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Websense Content Gateway of Manager of handle_debug_network Stack-based buffer overflow vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004045"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-099"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…