Format String Vulnerabilities in Check Point Firewall-1 Products
CVE-2004-0039

Currently unrated

Key Information:

Vendor
Checkpoint
Vendor
CVE Published:
3 March 2004

Summary

Multiple format string vulnerabilities exist in the HTTP Application Intelligence component of the Check Point Firewall-1 NG-AI R55 and R54, as well as the Firewall-1 HTTP Security Server with NG FP1, FP2, and FP3. These vulnerabilities can be exploited by remote attackers via specially crafted HTTP requests that lead to the manipulation of format string specifiers in error messages, enabling the execution of arbitrary code. This presents significant security risks if left unaddressed.

References

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.