MidnightBSD

Advisories for ingate

CVE-2003-1112 HIGH

The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ingate ingate_firewall *
ingate ingate_siparator *
CVE-2005-0311 MEDIUM

Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ingate ingate_firewall 3.2.1
ingate ingate_firewall 3.2
ingate ingate_firewall 3.3.1
ingate ingate_firewall 4.1.3
CVE-2006-2924 MEDIUM

Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ingate ingate_siparator 4.3.4
ingate ingate_firewall *
ingate ingate_firewall 4.3.4
ingate ingate_siparator *
CVE-2006-2925 MEDIUM

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ingate siparator 4.3.1
ingate ingate_firewall 4.3.1
ingate ingate_firewall *
ingate siparator *