Описание
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
Ссылки
- ExploitPatch
- ExploitPatch
- ExploitPatch
- ExploitPatch
- ExploitPatch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:finjan_software:surfingate:6.0:*:*:*:*:*:*:*
cpe:2.3:a:finjan_software:surfingate:6.0_1:*:*:*:*:*:*:*
cpe:2.3:a:finjan_software:surfingate:6.0_5:*:*:*:*:*:*:*
cpe:2.3:a:finjan_software:surfingate:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10434
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
EPSS
Процентиль: 93%
0.10434
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other