Multiple Check Point Firewall-1 HTTP Security Server Remote Format String Vulnerabilities
BID:9581
Info
Multiple Check Point Firewall-1 HTTP Security Server Remote Format String Vulnerabilities
| Bugtraq ID: | 9581 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0039 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery credited to Mark Dowd. |
| Vulnerable: |
Check Point Software Nokia Voyager 4.1 Check Point Software NG-AI R55 Check Point Software NG-AI R54 Check Point Software NG-AI Check Point Software Next Generation FP3 HF2 Check Point Software Next Generation FP3 HF1 Check Point Software Next Generation FP3 Check Point Software Next Generation FP2 Check Point Software Next Generation FP1 Check Point Software Firewall-1 4.1 SP6 Check Point Software Firewall-1 4.1 SP5 Check Point Software Firewall-1 4.1 SP4 Check Point Software Firewall-1 4.1 SP3 Check Point Software Firewall-1 4.1 SP2 Check Point Software Firewall-1 4.1 SP1 Check Point Software Firewall-1 4.1 |
| Not Vulnerable: | |
Discussion
Multiple Check Point Firewall-1 HTTP Security Server Remote Format String Vulnerabilities
Problems in the handling of some types of HTTP requests from remote users have been identified in Check Point Firewall-1 HTTP Application Intelligence and HTTP Security Server. Because of this, it is possible for a remote attacker to gain unauthorized access to a vulnerable system with administrative privileges.
Problems in the handling of some types of HTTP requests from remote users have been identified in Check Point Firewall-1 HTTP Application Intelligence and HTTP Security Server. Because of this, it is possible for a remote attacker to gain unauthorized access to a vulnerable system with administrative privileges.
Exploit / POC
Multiple Check Point Firewall-1 HTTP Security Server Remote Format String Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Multiple Check Point Firewall-1 HTTP Security Server Remote Format String Vulnerabilities
Solution:
Check Point has made fixes available to resolve this issue. Customers with support contracts may obtain fixes from Check Point support channels. See referenced advisory for additional details.
Solution:
Check Point has made fixes available to resolve this issue. Customers with support contracts may obtain fixes from Check Point support channels. See referenced advisory for additional details.
References
Multiple Check Point Firewall-1 HTTP Security Server Remote Format String Vulnerabilities
References:
References:
- Check Point Technical Support (Check Point Software)
- Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities (ISS)
- FireWall-1 HTTP Security Server Vulnerability (Check Point Software)