{"vuid":"VU#790980","idnumber":"790980","name":"Proofpoint Protection Server contains multiple vulnerabilities","keywords":[""],"overview":"Proofpoint Protection Server contains multiple vulnerabilities including authentication bypass, insufficient authorization checks, command injection, SQL injection, and directory traversal.","clean_desc":"Clear Skies Security's advisory states: \"Enduser Authentication Bypass\nUser-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials. Path Traversal Allows Access to System Files\nArbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection\nA publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection\nA function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization\nSome administrative modules are accessible without authenticating with the application.\"","impact":"An attacker may be able to bypass authentication to the web interface, run system commands, or download arbitrary files.","resolution":"Apply an Update\nThe following patches should be applied to the relevant versions. Patch 1044 for versions 5.5.3, 5.5.4, and 5.5.5\nPatch 1045 for versions 6.0.2\nPatch 1046 for versions 6.1.1 and 6.2.0","workarounds":"Restrict Access\nAppropriate firewall rules should be implemented to restrict access to only legitimate users of the system.","sysaffected":"","thanks":"Thanks to Scott Miles of Clear Skies Security for reporting these vulnerabilities.","author":"This document was written by Jared Allar.","public":["http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php","https://support.proofpoint.com/article.cgi?article_id=338413"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-03-02T01:54:24Z","publicdate":"2011-05-02T00:00:00Z","datefirstpublished":"2011-05-02T12:34:27Z","dateupdated":"2011-05-02T18:21:59Z","revision":15,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"1","cam_exploitation":"4","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"22.5","cam_scorecurrentwidelyknown":"51","cam_scorecurrentwidelyknownexploited":"75","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":22.5,"vulnote":null}