Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0039

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0039
Last Modified 07 Mar 2011 09:15:01
Published 03 Mar 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0039

Summary

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

Vulnerable Systems

Application

  • Checkpoint Firewall-1


References

CERT-VN - VU#790771

CERT - TA04-036A

XF - fw1-format-string(14149)

BID - 9581

ISS - 20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities

CIAC - O-072

CONFIRM - http://www.checkpoint.com/techsupport/alerts/security_server.html

BUGTRAQ - 20040205 Two checkpoint fw-1/vpn-1 vulns


Last Updated: 27 May 2016 10:38:26