Title: Finjan SurfinGate ASCII File Extension File Filter Circumvention Vulnerability
Severity: HIGH
Description:
SurfinGate is a commercially available content filtering and application firewall package. It is distributed by Finjan, and available for the Sun Solaris and Microsoft Windows platforms.
SurfinGate may allow an attacker to circumvent file filters. This issue arises due to insufficient sanitization of user-supplied data.
SurfinGate uses the file extension to determine if a file is of a type that is blacklisted by the software. It has been reported that an attacker may bypass SurfinGate file filtering rules by using ASCII encoding in the file name. An attacker can simply encode the '.' character preceding the file extension to '%2e' to bypass filters.
It should be noted that an end user would still have interactively to open or execute the malicious file. This vulnerability only arises if content is not being blocked based on content-type.
SurfinGate version 7.0 SP2 and 7.0 SP3 are reportedly vulnerable. Other versions may be affected as well.
Affected Products:
- Finjan Software SurfinGate 7.0.0SP2
- Finjan Software SurfinGate 7.0.0SP3
References:
- Finjan Software: SurfinGate Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
