J-Security Center

Title: SurfControl SuperScout WebFilter SQL Injection Vulnerability

Severity: HIGH

Description:

SurfControl SuperScout WebFilter is web filtering software for Microsoft Windows operating systems. SurfControl SuperScout WebFilter includes a remotely accessible reporting service.

SurfControl SuperScout WebFilter Reports Server is prone to SQL injection attacks. The issue stems from insufficient input validation in some of the report files, which are implemented as .dlls. These files take input directly from CGI parameters and use it to construct SQL queries, without sanitizing characters that are significant in SQL syntax.

As a consequence, remote attackers are able to modify the logic of SQL queries. This may result in database corruption or disclosure of sensitive information. SQL injection attacks may also be used to exploit existing vulnerabilities in the underlying database.
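
The flaw class described above, shown as an added example that is not SurfControl code and not part of the original advisory: a report query built by pasting a CGI parameter into the SQL text, next to the same query with the parameter bound as data. The table, column and parameter names (web_log, username, user) and all sample rows and query strings are constructed for illustration, and SQLite stands in for the product's database.

```python
import sqlite3
from urllib.parse import parse_qs


def make_db():
    """Constructed stand-in for a reporting database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE web_log (username TEXT, url TEXT)")
    db.executemany(
        "INSERT INTO web_log VALUES (?, ?)",
        [("alice", "http://example.com/a"),
         ("alice", "http://example.com/b"),
         ("bob", "http://example.org/c")],
    )
    return db


def report_unsafe(db, query_string):
    """Flawed pattern: the CGI parameter becomes part of the SQL text."""
    user = parse_qs(query_string).get("user", [""])[0]
    sql = "SELECT username, url FROM web_log WHERE username = '" + user + "'"
    return db.execute(sql).fetchall()


def report_safe(db, query_string):
    """Same report with the parameter bound as data, never parsed as SQL."""
    user = parse_qs(query_string).get("user", [""])[0]
    sql = "SELECT username, url FROM web_log WHERE username = ?"
    return db.execute(sql, (user,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    normal = "user=alice"
    # Constructed input whose decoded value contains quote characters,
    # which are significant in SQL syntax.
    crafted = "user=x%27+OR+%271%27%3D%271"
    for qs in (normal, crafted):
        print(qs, "unsafe rows:", len(report_unsafe(db, qs)),
              "safe rows:", len(report_safe(db, qs)))
```

With the crafted value the concatenated query returns every row in the table because the WHERE clause's logic has changed, while the bound-parameter version treats the whole value as a user name and returns nothing.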

Affected Products:

  • SurfControl SuperScout Web Filter for Windows NT/2000 3.0.0
  • SurfControl SuperScout Web Filter for Windows NT/2000 3.0.3
  • SurfControl Web Filter for Windows NT/2000 4.0.0
  • SurfControl Web Filter for Windows NT/2000 4.1.0
