Short Name |
APP:WEBSENSE-TRITON-RCE |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Websense Triton 'ws_irpt.exe' Remote Command Execution Vulnerability |
Release Date |
2012/05/04 |
Update Number |
2130 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known flaw in Websense Triton. A successful attack would result in SYSTEM-level command execution. This vector is normally protected by SSL/TLS encryption. In such cases, in order for the IDP to protect your server, the SSL private key must be loaded on the IDP, the SSL Forward Proxy feature must be utilized, or some other SSL off-loading system must be used.
Websense Triton is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.