VULHUB ™

A flaw was reported in the JavaScript parser included with the Finjan SurfinGate active content filter. The JavaScript parser does not sufficiently sanitize script code. It is possible to bypass the filter by obfuscating the malicious JavaScript. This may be accomplished by hex-encoding the malicious code and then passing it through a function which decodes the string (such as through the eval() method). The desktop product, Finjan SurfinShield Corporate, is not prone to this issue. Finjan also reportedly offers a free service which allows users to add custom triggers for script functions.

A flaw was reported in the JavaScript parser included with the Finjan SurfinGate active content filter. The JavaScript parser does not sufficiently sanitize script code. It is possible to bypass the filter by obfuscating the malicious JavaScript. This may be accomplished by hex-encoding the malicious code and then passing it through a function which decodes the string (such as through the eval() method). The desktop product, Finjan SurfinShield Corporate, is not prone to this issue. Finjan also reportedly offers a free service which allows users to add custom triggers for script functions.