All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2015-4911 is a vulnerability in multiple versions of Oracle Java SE (Java SE 6u101, 7u85, 8u60), Java SE Embedded 8u51, and JRockit R28.3.7 that allows remote attackers to disrupt service availability through JAXP (Java API for XML Processing, which handles XML data in Java programs). The vulnerability details remain unspecified, and the National Institute of Standards and Technology (NIST) has not prioritized detailed analysis of this issue.
CVE-2015-4893 is an unspecified vulnerability in multiple versions of Oracle Java SE and related products that allows remote attackers to disrupt service availability through JAXP (Java API for XML Processing, a tool Java uses to read and write XML files). The vulnerability can be exploited through web-based Java applications or by sending malicious data directly to affected APIs.
CVE-2015-4842 is a vulnerability in Oracle Java SE versions 6u101, 7u85, 8u60, and Java SE Embedded 8u51 that affects confidentiality (the protection of information from unauthorized access) through JAXP (Java API for XML Processing). The vulnerability can only be exploited in sandboxed Java Web Start applications and sandboxed Java applets (small programs run through a web browser in a restricted environment), making it limited to client-side Java deployments.
CVE-2015-4803 is an unspecified vulnerability in Oracle Java SE versions 6u101, 7u85, 8u60, and related products that affects system availability through JAXP (Java API for XML Processing, a library for handling XML documents). The vulnerability can be exploited remotely through sandboxed Java Web Start applications, Java applets, or by sending malicious data to affected APIs, such as through a web service.
A vulnerability (CVE-2015-2773) in Websense TRITON V-Series appliances before version 8.0.0 allows attackers to read files they shouldn't have access to through unspecified methods. This affects a security appliance (a hardware device that protects networks), making it a serious risk for organizations using older versions of this equipment.
CVE-2015-2772 is a vulnerability in Websense TRITON V-Series appliances (security devices that filter network traffic) before version 8.0.0 that allows attackers to upload arbitrary files through unspecified attack methods. The vulnerability affects the SVM (security virtual machine, a component that processes security policies) and could let an attacker place unwanted files on the device.
Websense TRITON AP-EMAIL and V-Series appliances before version 8.0.0 stored login credentials in plaintext (unencrypted text readable by anyone), allowing remote attackers to steal this sensitive information. This is a serious flaw because plaintext credentials give attackers direct access to the mail server without needing to crack encrypted passwords.
A cross-site request forgery vulnerability (CSRF, a type of attack where an attacker tricks a user into performing unwanted actions on a website they're logged into) was found in Websense TRITON V-Series appliances before version 8.0.0, allowing remote attackers to hijack user authentication through unknown methods. The vulnerability affects the command line page of these security appliances.
Websense TRITON AP-EMAIL versions before 8.0.0 contain multiple CSRF vulnerabilities (cross-site request forgery, a type of attack where an attacker tricks a user into performing unwanted actions on a website where they're logged in) in its Personal Email Manager feature that could allow attackers to take over user accounts. The exact details of how the attack works are not publicly disclosed.
A cross-site scripting vulnerability (XSS, a weakness where attackers inject malicious code into web pages) was found in Websense TRITON AP-EMAIL versions before 8.0.0 and V-Series 7.7 appliances, allowing remote attackers to inject arbitrary web scripts or HTML through unspecified entry points. The vulnerability has a CVSS score (a 0-10 rating of how severe a security flaw is) of 4.0.
CVE-2015-2767 is an unspecified vulnerability in Websense TRITON AP-EMAIL (an email security tool) versions before 8.0.0 related to the "Autocomplete Enabled" feature, but the exact impact and how attackers could exploit it are not detailed in available information. The vulnerability's severity rating (CVSS score, a 0-10 measure of how serious a vulnerability is) has not yet been officially assessed.
CVE-2015-2766 is a vulnerability in Websense TRITON AP-EMAIL versions before 8.0.0 that affects the Personal Email Manager (PEM) component. Attackers can exploit this flaw using a brute force attack (repeatedly trying many passwords or login combinations to gain unauthorized access), potentially causing unspecified damage to the system.
Websense TRITON AP-EMAIL versions before 8.0.0 contain a vulnerability that allows attackers to perform clickjacking attacks (tricking users into clicking something they didn't intend to click by disguising a malicious link as a legitimate one) through unspecified methods. The weakness stems from improper input validation (failing to check that data entering the system is safe and expected).
Websense TRITON AP-DATA versions before 8.0.0 contain multiple cross-site scripting (XSS, a type of attack where malicious code is injected into web pages) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML through unspecified vectors in the DSS Mobile or DLP report catalog.
CVE-2015-2763 is a vulnerability in Websense TRITON AP-EMAIL (a security product that filters email) versions before 8.0.0 involving port 17703, but the exact nature of the vulnerability and how it could be exploited are not publicly detailed. The vulnerability has an unknown impact and attack vector, making it difficult for users to understand the risk without more information.
Websense TRITON AP-WEB versions before 8.0.0 contain a vulnerability that allows attackers to discover Windows domain user accounts through HTTP authentication methods (a process called enumeration, where attackers list valid usernames without needing passwords). This flaw exposes sensitive information to unauthorized users.
A cross-site scripting (XSS) vulnerability, which is a weakness where attackers inject malicious code into web pages, was found in Websense TRITON AP-WEB versions before 8.0.0 on its Exceptions and Scanning Exceptions pages. Remote attackers could exploit this flaw through unspecified methods to inject harmful scripts or HTML code.
Websense TRITON V-Series appliances (network security devices) before version 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 contain a vulnerability that allows remote administrators to read files they shouldn't have access to and obtain passwords by sending specially crafted requests to the system. This is a serious security flaw because it exposes sensitive information to unauthorized users.
Websense TRITON AP-WEB versions before 8.0.0 have a flaw where certain files in the explorer_wse/ folder are not properly protected, allowing attackers to access sensitive information like security incident reports and configuration files by making direct web requests. This is a type of access control vulnerability (a failure to properly restrict who can view certain files).
CVE-2015-2747 is a cross-site scripting (XSS) vulnerability (a type of attack where an attacker injects malicious code into a webpage that runs in users' browsers) in Websense Triton 7.8.3 and V-Series 7.7 appliances' data loss prevention (DLP, a security tool that prevents sensitive data from leaving an organization) feature. Remote attackers can exploit this by sending crafted emails or HTTP requests to inject arbitrary web scripts or HTML code.
Fix: Update Websense TRITON V-Series appliances to version 8.0.0 or later. The vendor advisory referenced indicates that vulnerabilities were resolved in TRITON APX Version 8.0.
NVD/CVE DatabaseFix: Update Websense TRITON V-Series appliances to version 8.0.0 or later. According to the source, vulnerabilities were resolved in TRITON APX Version 8.0, which is referenced in the official Websense support advisory.
NVD/CVE DatabaseFix: Upgrade to Websense TRITON APX Version 8.0 or later, as referenced in the vendor advisory at http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0.
NVD/CVE DatabaseFix: Upgrade to Websense TRITON APX Version 8.0.0 or later, as indicated by the vendor advisory referencing vulnerabilities resolved in TRITON APX Version 8.0.
NVD/CVE DatabaseFix: Update Websense TRITON AP-EMAIL to version 8.0.0 or later, as indicated by the vendor advisory at http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0.
NVD/CVE DatabaseFix: Update to Websense TRITON AP-EMAIL Version 8.0.0 or later. (The source references a Websense support article about 'Vulnerabilities resolved in TRITON APX Version 8.0'.)
NVD/CVE DatabaseFix: Upgrade Websense TRITON AP-EMAIL to version 8.0.0 or later.
NVD/CVE DatabaseFix: Upgrade Websense TRITON AP-EMAIL to version 8.0.0 or later.
NVD/CVE DatabaseFix: Upgrade to Websense TRITON AP-DATA version 8.0.0 or later.
NVD/CVE DatabaseFix: Update Websense TRITON AP-EMAIL to version 8.0.0 or later, as indicated by the vulnerability affecting versions 'before 8.0.0.'
NVD/CVE DatabaseFix: Update Websense TRITON AP-WEB to version 8.0.0 or later. According to the source, vulnerabilities were resolved in TRITON APX Version 8.0.
NVD/CVE DatabaseFix: Update Websense TRITON V-Series appliances to version 7.8.3 Hotfix 03 or version 7.8.4 Hotfix 01 or later, as specified in the vendor advisories from Websense.
NVD/CVE DatabaseFix: Update Websense TRITON AP-WEB to version 8.0.0 or later.
NVD/CVE Database