Vulnerabilities > CVE-2004-0039 - Unspecified vulnerability in Checkpoint Firewall-1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
checkpoint
nessus
NVD
Published: 2004-03-03
Updated: 2024-11-20

Summary

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

Vulnerable Configurations

Part Description Count
Application
Checkpoint
1

Nessus

NASL familyFirewalls
NASL idCHECKPOINT_FORMAT.NASL
descriptionThe remote Check Point Firewall web server crashes when sent a specially formatted HTTP request. A remote attacker could use this to crash the web server, or possibly execute arbitrary code. This bug is a solid indicator that the server is vulnerable to several other Check Point FW-1 4.x bugs that Nessus did not check for.
last seen2020-06-01
modified2020-06-02
plugin id12084
published2004-03-02
reporterThis script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/12084
titleCheck Point FireWall-1 4.x Multiple Vulnerabilities (OF, FS)

References