Vulnerabilities > CVE-2004-2107 - Unspecified vulnerability in Finjan Software Surfingate
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description | Finjan SurfinGate 6.0/7.0 FHTTP Restart Command Execution Vulnerability. CVE-2004-2107. Remote exploit for linux platform |
id | EDB-ID:23585 |
last seen | 2016-02-02 |
modified | 2004-01-23 |
published | 2004-01-23 |
reporter | David Byrne |
source | https://www.exploit-db.com/download/23585/ |
title | Finjan SurfinGate 6.0/7.0 FHTTP Restart Command Execution Vulnerability |
Nessus
NASL family | Firewalls |
NASL id | FINJAN_CMD_RESTART.NASL |
description | The remote host is running a Finjan SurfinGate, a web proxy. It is possible to bypass admin authentication by using the proxy to connect to itself. A remote attacker could exploit this to view log information, force a policy update, or restart the service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12036 |
published | 2004-02-02 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12036 |
title | Finjan SurfinGate Proxy FHTTP Command Admin Functions Authentication Bypass |
code |
|
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0929.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0929.html
- http://marc.info/?l=bugtraq&m=107487999406339&w=2
- http://marc.info/?l=bugtraq&m=107487999406339&w=2
- http://marc.info/?l=bugtraq&m=107522480913629&w=2
- http://marc.info/?l=bugtraq&m=107522480913629&w=2
- http://secunia.com/advisories/10714
- http://secunia.com/advisories/10714
- http://www.securityfocus.com/bid/9478
- http://www.securityfocus.com/bid/9478
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14934
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14934