Finjan SurfinGate Proxy FHTTP Command Admin Functions Authentication Bypass

High Nessus Network Monitor Plugin ID 1169


The remote proxy can be tricked into executing commands.


The remote host is running a Finjan proxy. It may be possible to force this proxy to connect to itself and then issue administrative commands to the service. An attacker may use this flaw to force the proxy to restart continuously, although other administrative commands might also be executable.


Block all connections to '*:ControlPort'.

Plugin Details

Severity: High

ID: 1169

Family: Web Servers

Published: 2004/08/20

Modified: 2018/07/11

Dependencies: 1442

Nessus ID: 12036

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:W/RC:C


CVSS v3

Base Score: 7.3

Temporal Score: 7.1


Temporal Vector: CVSS3#E:H/RL:W/RC:C

Vulnerability Information

CPE: cpe:/a:finjan_software:surfingate

Reference Information

CVE: CVE-2004-2107

BID: 9478