
Finjan SurfinGate Proxy FHTTP Command Admin Functions Authentication Bypass

High

Synopsis

The remote proxy can be tricked into executing commands.

Description

The remote host is running a Finjan proxy. It may be possible to force this proxy to connect to itself and then issue administrative commands to the service over that connection. An attacker may use this flaw to force the proxy to restart continuously, and other administrative commands might also be executable.

Solution

Block all connections to '*:ControlPort'.
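
The '*:ControlPort' rule above can be expressed as a destination check on each proxied request line. The following is an added example, not code from the vendor or the plugin; the CONTROL_PORT value, the function names and the sample request lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: placeholder value. Use the ControlPort configured on your proxy.
CONTROL_PORT = 9999

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def destination(request_line):
    """Return the (host, port) a forward proxy would connect to, or None."""
    parts = request_line.split()
    if len(parts) != 3:
        return None
    method, target, _version = parts
    try:
        if method.upper() == "CONNECT":
            # CONNECT uses authority-form: host:port
            url = urlsplit("//" + target)
            port = url.port
        else:
            # Proxied requests use absolute-form: scheme://host[:port]/path
            url = urlsplit(target)
            port = url.port
            if port is None:
                port = DEFAULT_PORTS.get(url.scheme.lower())
    except ValueError:  # malformed host, or non-numeric / out-of-range port
        return None
    if not url.hostname or port is None:
        return None
    return url.hostname, port


def should_block(request_line, control_port=CONTROL_PORT):
    """Deny any host on the control port; deny unparsable lines (fail closed)."""
    dest = destination(request_line)
    return dest is None or dest[1] == control_port


# Constructed sample request lines (not taken from a real proxy log).
SAMPLES = [
    "GET http://www.example.com/index.html HTTP/1.0",
    "GET http://127.0.0.1:9999/ HTTP/1.0",
    "CONNECT proxy.example.internal:9999 HTTP/1.0",
    "GET http://[::1]:9999/ HTTP/1.1",
    "GET http://www.example.com:notaport/ HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("BLOCK" if should_block(line) else "allow", line)
```

Matching on the port alone, rather than on the proxy's own addresses, follows the wildcard host in the solution and avoids having to enumerate every name or address that resolves back to the proxy.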