Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2107

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2107
Last Modified 05 Sep 2008 04:43:13
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2107

Summary

Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.

Vulnerable Systems

Application

  • Finjan Software Surfingate 6.0

  • Finjan Software Surfingate 6.0 1

  • Finjan Software Surfingate 6.0 5

  • Finjan Software Surfingate 7.0


References

BID - 9478

SECUNIA - 10714

BUGTRAQ - 20040126 RE: Finjan SurfinGate Vulnerability

BUGTRAQ - 20040123 Finjan SurfinGate Vulnerability

XF - finjan-surfingate-execute-commands(14934)


Last Updated: 27 May 2016 10:39:21