Intrusion Prevention

FloosieTek.FTGatePro.Mail.Server.Vuln

Description

This signature indicates that an attacker attempted a cross-site scripting (XSS) attack against FTGatePro. FTGatePro suffers from multiple vulnerabilities that could lead to a variety of security issues. First, the web administrative interface (listening on port 8089) discloses the installation path of the server, which could aid an attacker trying to enumerate the system. A more serious issue is a cross-site scripting vulnerability in the same web administrative interface: if a legitimate user followed an attacker-created link containing malicious HTML and web script code, that code could potentially be executed on the system.

Affected Products

Floosietek FTGatePro 1.22 (1331)

Impact

Compromise of the affected system or information leakage.

Recommended Actions

Apply the appropriate patch from the vendor, or upgrade to a non-vulnerable version if one is available.
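A log-side check for the condition described above, as an added example that is not part of the original advisory and is not the signature's actual pattern: it flags requests to the administrative port (8089) whose URL, after repeated percent-decoding, carries HTML or script markup. The log format, host names, paths and parameter names are constructed assumptions, and the regular expression is an illustrative heuristic.

```python
import re
from urllib.parse import unquote_plus, urlsplit

ADMIN_PORT = 8089  # web administrative interface port named in the advisory

# Heuristic (assumption): an opening/closing HTML tag or a javascript: URL
# has no legitimate place in a link to an administrative page.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:", re.IGNORECASE)

# Constructed sample lines: "<client> <method> <url> <status>".
# Paths and parameter names are hypothetical, not taken from FTGatePro.
SAMPLE_LOG = [
    "192.0.2.10 GET http://mail.example.test:8089/page?view=status 200",
    "192.0.2.44 GET http://mail.example.test:8089/page?msg=%3Cscript%3Ealert(1)%3C/script%3E 200",
    "192.0.2.45 GET http://mail.example.test:8089/page?msg=%253Cimg%2520src%253Dx%253E 200",
    "192.0.2.46 GET http://www.example.test:80/search?q=%3Cb%3Ebold%3C/b%3E 200",
]


def normalize(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup becomes visible."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (client, url) for admin-port requests whose URL carries markup."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, skip
        client, _method, url, _status = parts
        target = urlsplit(url)
        try:
            port = target.port
        except ValueError:
            continue  # unparseable port
        if port != ADMIN_PORT:
            continue  # only the administrative interface is in scope
        if MARKUP.search(normalize(target.path + "?" + target.query)):
            hits.append((client, url))
    return hits


if __name__ == "__main__":
    for client, url in suspicious_requests(SAMPLE_LOG):
        print(f"possible XSS link to admin interface from {client}: {url}")
```
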