MidnightBSD

Advisories for finjan_software

CVE-2002-1961 HIGH

Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name (FQDN) that ends in a "." (dot).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
finjan_software surfingate 6.0.1
finjan_software surfingate 6.0
CVE-2002-1962 HIGH

Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
finjan_software surfingate 6.0.1
finjan_software surfingate 6.0
CVE-2004-2107 HIGH

Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
finjan_software surfingate 7.0
finjan_software surfingate 6.0_5
finjan_software surfingate 6.0_1
finjan_software surfingate 6.0
CVE-2005-1994 MEDIUM

Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
finjan_software surfingate 7.0_sp3
finjan_software surfingate 7.0_sp2