F-Secure Internet Gatekeeper returns random memory data when HTTP GET requests are too long.
A vulnerability was discovered in F-Secure Internet Gatekeeper whereby the proxy server returns random memory data as part of the response when an HTTP GET request contains a long path. The vulnerability can be triggered both locally and remotely by an attacker. A successful attack results in the attacker gaining access to random proxy server data mixed with the intended response text.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
The HTTP proxy option has to be turned on for successful exploitation. Furthermore, HTTPS connections are not vulnerable to this attack.
Product | Versions | Download |
---|---|---|
F-Secure Internet Gatekeeper | 5.40 - 5.50 | Hotfix 4: Instructions: Note: |
F-Secure Internet Gatekeeper Virtual Appliance | 5.50.47.18 | |
F-Secure Corporation would like to thank Juho Nurminen for bringing this issue to our attention.
Date Issued: 2017-11-29