Format String Vulnerabilities in Check Point Firewall-1 Products
CVE-2004-0039

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Firewall-1
Vendor: CVE Published:; 3 March 2004

Summary

Multiple format string vulnerabilities exist in the HTTP Application Intelligence component of the Check Point Firewall-1 NG-AI R55 and R54, as well as the Firewall-1 HTTP Security Server with NG FP1, FP2, and FP3. These vulnerabilities can be exploited by remote attackers via specially crafted HTTP requests that lead to the manipulation of format string specifiers in error messages, enabling the execution of arbitrary code. This presents significant security risks if left unaddressed.

References

http://xforce.iss.net/xforce/alerts/id/162

third-party-advisoryx_refsource_ISS

http://www.kb.cert.org/vuls/id/790771

third-party-advisoryx_refsource_CERT-VN

http://marc.info/?l=bugtraq&m=107604682227031&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 3, 2004
Vulnerability Reserved
Jan 7, 2004