
CERT Coordination Center

Proofpoint Protection Server contains multiple vulnerabilities

Vulnerability Note VU#790980

Original Release Date: 2011-05-02 | Last Revised: 2011-05-02


Proofpoint Protection Server contains multiple vulnerabilities including authentication bypass, insufficient authorization checks, command injection, SQL injection, and directory traversal.


Clear Skies Security's advisory states:

"Enduser Authentication Bypass
User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials.

Path Traversal Allows Access to System Files
Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface.

Proofpoint SQL Injection
A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection.

Proofpoint Command Injection
A function in the Proofpoint web interface can be manipulated into executing any command on the server.

Proofpoint Forced Browsing / Insufficient Page Authorization
Some administrative modules are accessible without authenticating with the application."


An attacker may be able to bypass authentication to the web interface, run system commands, or download arbitrary files.


Apply an Update
The following patches should be applied to the relevant versions.

    • Patch 1044 for versions 5.5.3, 5.5.4, and 5.5.5
    • Patch 1045 for version 6.0.2
    • Patch 1046 for versions 6.1.1 and 6.2.0

Restrict Access
Appropriate firewall rules should be implemented to restrict access to only legitimate users of the system.

Vendor Information


Proofpoint Affected

Notified: March 02, 2011 | Updated: May 02, 2011



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


Thanks to Scott Miles of Clear Skies Security for reporting these vulnerabilities.

This document was written by Jared Allar.

Other Information

CVE IDs: None
Severity Metric: 22.50
Date Public: 2011-05-02
Date First Published: 2011-05-02
Date Last Updated: 2011-05-02 18:21 UTC
Document Revision: 15

Sponsored by CISA.