Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2004-2107

EPSS 10.43% · P93
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2004-2107

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Finjan SurfinGate FHTTP重启命令执行漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Finjan SurfinGate提供对WEB通信的恶意代码扫描,主要对active内容进行基于行为的过滤。 Finjan SurfinGate不正确处理特殊构建的请求,远程攻击者可以利用这个漏洞重启服务,可造成拒绝服务。 SurfinGate扫描服务器接收命令是通过监听控制端口(默认TCP/3141),并使用FHTTP协议进行控制,但这些命令没有进行任何验证并可以来自任何地方,包括本地的HTTP代理,因此允许任意用户通过代理服务器发送服务命令。 请求的'finjan-parameter-type'参数就
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2004-2107

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2004-2107

登录查看更多情报信息。

Same Patch Batch · n/a · 2005-05-27 · 43 CVEs total

CVE-2004-2124Gallery远程全局变量注入漏洞
CVE-2004-2114InternetNow ProxyNow基于堆栈的缓冲区溢出漏洞
CVE-2004-2127Leif M. Wright Web Blog远程文件泄露漏洞
CVE-2004-2126Internet Security Systems BlackICE PC保护升级文件权限漏洞
CVE-2004-2128BRS WebWeaver ISAPISkeleton.dll跨站脚本攻击(XSS)漏洞
CVE-2004-2131IBM Informix多个本地权限提升漏洞
CVE-2004-2132PJ CGI Neo Review目录遍历漏洞
CVE-2004-2133第三方CVSup ELF RPATH库包含不安全路径漏洞
CVE-2004-2134OracleAS TopLink Mapping Workbench弱加密算法漏洞
CVE-2004-2130phpBB Privmsg.PHP跨站脚本漏洞
CVE-2004-2125ISS BlackICE PC保护blackd.exe程序本地缓冲区溢出漏洞
CVE-2004-2123Nextplace.com电子商务ASP引擎多个跨站脚本(XSS)漏洞。
CVE-2004-2122Intra Forum intraforum_db.cgi 跨站点脚本漏洞
CVE-2004-2121Corel Paradox的Borland Webserver目录遍历漏洞
CVE-2004-2120Reptile Web服务器服务远程拒绝漏洞
CVE-2004-2119TinyServer多个漏洞
CVE-2004-2118TinyServer多个漏洞
CVE-2004-2117TinyServer Multiple漏洞
CVE-2004-2116TinyServer多个漏洞
CVE-2004-2115Oracle HTTP Server isqlplus跨站脚本漏洞

Showing top 20 of 43 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2004-2107

No comments yet

Leave a comment