Vulnerability CVE-2004-0039


Published: 2004-03-03   Modified: 2012-02-12

Description:
Multiple format string vulnerabilities in the HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and in the Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3, allow remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: Checkpoint -> Firewall-1

References:
http://marc.info/?l=bugtraq&m=107604682227031&w=2
http://www.checkpoint.com/techsupport/alerts/security_server.html
http://www.ciac.org/ciac/bulletins/o-072.shtml
http://www.kb.cert.org/vuls/id/790771
http://www.securityfocus.com/bid/9581
http://www.us-cert.gov/cas/techalerts/TA04-036A.html
http://xforce.iss.net/xforce/alerts/id/162
http://xforce.iss.net/xforce/xfdb/14149

Copyright 2024, cxsecurity.com