APP: Websense Triton 'ws_irpt.exe' Remote Command Execution Vulnerability
This signature detects attempts to exploit a known flaw in Websense Triton. A successful attack would result in SYSTEM-level command execution. This vector is normally protected by SSL/TLS encryption. In such cases, in order for the IDP to protect your server, the SSL private key must be loaded on the IDP, the SSL Forward Proxy feature must be utilized, or some other SSL off-loading system must be used.
Extended Description
Websense Triton is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
Affected Products
Websense web_security_gateway
References
BugTraq: 51086
URL: http://www.websense.com https://www.websense.com/content/mywebsense-hotfixes.aspx
Short Name
APP:WEBSENSE-TRITON-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
'ws_irpt.exe' Command Execution Remote Triton Vulnerability Websense bid:51086
Release Date
05/04/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Websense