Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Surfingate | Finjan_software | 6.0 (including) | 6.0 (including) |
Surfingate | Finjan_software | 6.0_1 (including) | 6.0_1 (including) |
Surfingate | Finjan_software | 6.0_5 (including) | 6.0_5 (including) |
Surfingate | Finjan_software | 7.0 (including) | 7.0 (including) |