F-Secure Internet Gatekeeper returns random memory data when the HTTP GET requests are too long.
A vulnerability was discovered in F-Secure Internet Gatekeeper whereby the proxy server returns random memory data as part of the response when the HTTP GET requests contains a long path. The exploit can be triggered both locally and remotely by an attacker. A successful attack will result in the attacker gaining access to random proxy server data mixed with intended response text.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
HTTP proxy option has to be turned on for a successful exploitation. Furthermore, HTTPS connection is not vulnerable to this attack.
|F-Secure Internet Gatekeeper
||5.40 - 5.50||
|F-Secure Internet Gatekeeper Virtual Appliance
F-Secure Corporation would like to thank Juho Nurminen for bringing this issue to our attention.
Date Issued: 2017-11-29