Vulnerabilities > CVE-2009-3749 - Remote Denial of Service vulnerability in Websense Email Security and Personal Email Manager

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
websense
nessus
exploit available

Summary

The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending a HTTP GET request to TCP port 8181 and closing the socket before the service can send a response.

Vulnerable Configurations

Part Description Count
Application
Websense
2

Exploit-Db

descriptionWebsense Email Security DoS. CVE-2009-3749. Dos exploit for hardware platform
idEDB-ID:9980
last seen2016-02-01
modified2009-10-20
published2009-10-20
reporterNikolas Sotiriu
sourcehttps://www.exploit-db.com/download/9980/
titleWebsense Email Security - DoS

Nessus

NASL familyWindows
NASL idWEBSENSE_EMAIL_SECURITY_MULTIPLE_FLAWS.NASL
descriptionWebsense Email Security is installed on the remote host. The installed version is affected by multiple issues : - Websense Email Security Web Administrator service is affected by a denial of service issue. - Websense Email Security Web Administrator is affected by multiple cross-site scripting issues.
last seen2020-06-01
modified2020-06-02
plugin id42292
published2009-10-28
reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/42292
titleWebsense Email Security < 7.1 Hotfix 4