Lucene search

[email protected]CVE-2004-2107

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2107

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

finjan

surfingate

proxy mode

authentication bypass

cve-2004-2107

nvd

security issue

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.4%

JSON

Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.

CPENameOperatorVersion
finjan_software:surfingatefinjan software surfingateeq6.0_5
finjan_software:surfingatefinjan software surfingateeq6.0
finjan_software:surfingatefinjan software surfingateeq7.0
finjan_software:surfingatefinjan software surfingateeq6.0_1

CPE	Name	Operator	Version
finjan_software:surfingate	finjan software surfingate	eq	6.0_5
finjan_software:surfingate	finjan software surfingate	eq	6.0
finjan_software:surfingate	finjan software surfingate	eq	7.0
finjan_software:surfingate	finjan software surfingate	eq	6.0_1

References

archives.neohapsis.com/archives/fulldisclosure/2004-01/0929.html

marc.info/?l=bugtraq&m=107487999406339&w=2

marc.info/?l=bugtraq&m=107522480913629&w=2

secunia.com/advisories/10714

www.securityfocus.com/bid/9478

exchange.xforce.ibmcloud.com/vulnerabilities/14934

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2004-2107

nessus1