[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GFI WebMonitor Admin UI Remote Script Code Injection

GFI WebMonitor Admin UI Remote Script Code Injection

Affected Products/Versions

Product Name: GFI Webmonitor
Version Number: 2009
Build Number: 20100324
Platform: Microsoft Windows

Product/Company Information

GFI WebMonitor is a enterprise filtering and monitoring solution for web traffic, 
that also protects users against viruses, spyware, malware and phishing scams. 

From GFI's website:

		"GFI WebMonitor offers web security features that allow you to control your 
employees Internet access by monitoring what files employees are downloading, to 
block file types such as MP3s and to scan all files for viruses, spyware and malware 
using multiple antivirus engines. GFI WebMonitor lowers the risk of social engineering 
by blocking access to phishing websites through the use of an auto-updatable database 
of phishing urls. The web monitoring features also allow you to monitor and block 
Live Messengenger (MSN) chat sessions and file transfers."

GFI's Website can be found at http://www.gfi.com

Vulnerability Description

GFI WebMonitor works as a proxy for HTTP communication and is doing insufficient 
input filtering on data, send to the proxy port. This enables attackers to inject 
script code that will be executed within the GFI WebMonitor configuration UI.

Patch Information


Advisory Information

This: http://www.oliverkarow.de/research/GFIWebMonitor.txt
Blog: http://oliver.greyhat.de/2010/08/25/gfi-webmonitor-admin-ui-remote-script-code-injection/


27/07/2010 - Informing GFI about vulnerability
28/07/2010 - Initial response from GFI
29/07/2010 - Sending full vulnerability description to GFI 
17/08/2010 - GFI sent fix for testing
20/08/2010 - Fix successfully tested, sent response to GFI
25/08/2010 - Advisory release