Finjan SurfinGate Proxy FHTTP Command Admin Functions Authentication Bypass
High Nessus Plugin ID 12036
Synopsis
The remote proxy server has a security bypass vulnerability.
Description
The remote host is running Finjan SurfinGate, a web proxy.
It is possible to bypass admin authentication by using the proxy to connect to itself. A remote attacker could exploit this to view log information, force a policy update, or restart the service.
Solution
Block all connection attempts to the control port.