Finjan SurfinGate Proxy FHTTP Command Admin Functions Authentication Bypass
Severity: High
Nessus Network Monitor Plugin ID 1169
Synopsis: The remote proxy can be tricked into executing commands.

Description: The remote host is running a Finjan proxy. It may be possible to force this proxy to connect to itself and then issue administrative commands to the service. An attacker may use this flaw to force the proxy to restart continuously, although other administrative commands might also be executable.

Solution: Block all connections to '*:ControlPort'.