Format String Vulnerabilities in Check Point Firewall-1 Products
CVE-2004-0039
Currently unrated
Summary
Multiple format string vulnerabilities exist in the HTTP Application Intelligence component of the Check Point Firewall-1 NG-AI R55 and R54, as well as the Firewall-1 HTTP Security Server with NG FP1, FP2, and FP3. These vulnerabilities can be exploited by remote attackers via specially crafted HTTP requests that lead to the manipulation of format string specifiers in error messages, enabling the execution of arbitrary code. This presents significant security risks if left unaddressed.
References
EPSS Score
41% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved