Vulnerability Description
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Finjan Software | Surfingate | 6.0 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0929.htmlExploitPatch
- http://marc.info/?l=bugtraq&m=107487999406339&w=2
- http://marc.info/?l=bugtraq&m=107522480913629&w=2
- http://secunia.com/advisories/10714ExploitPatch
- http://www.securityfocus.com/bid/9478ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14934
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0929.htmlExploitPatch
- http://marc.info/?l=bugtraq&m=107487999406339&w=2
- http://marc.info/?l=bugtraq&m=107522480913629&w=2
- http://secunia.com/advisories/10714ExploitPatch
- http://www.securityfocus.com/bid/9478ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14934
FAQ
What is CVE-2004-2107?
CVE-2004-2107 is a vulnerability with a CVSS score of 7.5 (HIGH). Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart t...
How severe is CVE-2004-2107?
CVE-2004-2107 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2107?
Check the references section above for vendor advisories and patch information. Affected products include: Finjan Software Surfingate.