- Description
- Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, do not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:finjan_software:surfingate:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E454259-93F6-4D13-9EF7-5F6F17F95F6A"
},
{
"criteria": "cpe:2.3:a:finjan_software:surfingate:6.0_1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF6DBAC4-9536-4E7A-B66A-7E093391DC7B"
},
{
"criteria": "cpe:2.3:a:finjan_software:surfingate:6.0_5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C4E6081-6915-4F08-9AFE-69C02F9641A1"
},
{
"criteria": "cpe:2.3:a:finjan_software:surfingate:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43B5CB53-8F1C-4EB0-9188-AEEC7075B4F4"
}
],
"operator": "OR"
}
]
}
]