Vulnerability Name: | CVE-2004-0039 (CCN-14149) | ||||||||
Assigned: | 2004-02-04 | ||||||||
Published: | 2004-02-04 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2004-0039 Source: BUGTRAQ Type: UNKNOWN 20040205 Two checkpoint fw-1/vpn-1 vulns Source: CONFIRM Type: UNKNOWN http://www.checkpoint.com/techsupport/alerts/security_server.html Source: CCN Type: Check Point Web site FireWall-1 HTTP Security Server Hotfix Source: CCN Type: CIAC Information Bulletin O-072 Check Point FireWall-1 HTTP Security Server Vulnerability Source: CIAC Type: UNKNOWN O-072 Source: CCN Type: US-CERT VU#790771 HTTP Parsing Vulnerabilities in Check Point Firewall-1 Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#790771 Source: CCN Type: OSVDB ID: 4414 Check Point FireWall-1 HTTP Server Format String Source: BID Type: Patch, Vendor Advisory 9581 Source: CCN Type: BID-9581 Multiple Check Point Firewall-1 HTTP Security Server Remote Format String Vulnerabilities Source: CERT Type: US Government Resource TA04-036A Source: CCN Type: Internet Security Systems Security Advisory, February 4, 2004 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities Source: ISS Type: UNKNOWN 20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities Source: XF Type: UNKNOWN fw1-format-string(14149) Source: XF Type: UNKNOWN fw1-format-string(14149) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |