Описание
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-2107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14934
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0929.html
- http://marc.info/?l=bugtraq&m=107487999406339&w=2
- http://marc.info/?l=bugtraq&m=107522480913629&w=2
- http://secunia.com/advisories/10714
- http://www.securityfocus.com/bid/9478
EPSS
CVE ID
Связанные уязвимости
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
EPSS