Format String Vulnerabilities in Check Point Firewall-1 Products
CVE-2004-0039

Currently unrated

Key Information:

Vendor

Checkpoint
Status
Firewall-1
Vendor
CVE Published:
3 March 2004

What is CVE-2004-0039?

Multiple format string vulnerabilities exist in the HTTP Application Intelligence component of the Check Point Firewall-1 NG-AI R55 and R54, as well as the Firewall-1 HTTP Security Server with NG FP1, FP2, and FP3. These vulnerabilities can be exploited by remote attackers via specially crafted HTTP requests that lead to the manipulation of format string specifiers in error messages, enabling the execution of arbitrary code. This presents significant security risks if left unaddressed.

References

http://xforce.iss.net/xforce/alerts/id/162
third-party-advisoryx_refsource_ISS
http://www.kb.cert.org/vuls/id/790771
third-party-advisoryx_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=107604682227031&w=2
mailing-listx_refsource_BUGTRAQ

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2004-0039 : Format String Vulnerabilities in Check Point Firewall-1 Products