CVE-2007-0471

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Connectra Ngx
Vendor: CVE Published:; 24 January 2007

Summary

sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.

References

http://securitytracker.com/id?1017559

vdb-entryx_refsource_SECTRACK

http://lists.grok.org.uk/pipermail/full-disclosure/2007-J...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/457683/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

40% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 24, 2007
Vulnerability Reserved
Jan 23, 2007