CVE-2004-0039

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Firewall-1
Vendor: CVE Published:; 3 March 2004

Summary

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

References

http://xforce.iss.net/xforce/alerts/id/162

third-party-advisoryx_refsource_ISS

http://www.kb.cert.org/vuls/id/790771

third-party-advisoryx_refsource_CERT-VN

http://marc.info/?l=bugtraq&m=107604682227031&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 3, 2004
Vulnerability Reserved
Jan 7, 2004