Vulnerability Details : CVE-2015-5718
Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-5718
- cpe:2.3:a:websense:content_gateway:8.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5718
62.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5718
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2015-5718
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5718
-
http://www.securityfocus.com/archive/1/536138/100/0/threaded
SecurityFocus
-
http://seclists.org/fulldisclosure/2015/Aug/8
Full Disclosure: SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_networkExploit
-
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_Websense_Content_Gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt
Exploit
-
http://www.securitytracker.com/id/1033263
Websense Content Gateway Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
-
http://packetstormsecurity.com/files/132968/Websense-Triton-Content-Manager-8.0.0-Build-1165-Buffer-Overflow.html
Websense Triton Content Manager 8.0.0 Build 1165 Buffer Overflow ≈ Packet StormExploit
-
http://www.websense.com/support/article/kbarticle/v8-0-0-About-Hotfix-02-for-Websense-Content-Gateway
My Account Registration — Websense.comVendor Advisory
Jump to