CVE-2004-0039

Severity

99%

Complexity

99%

Confidentiality

165%

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 20 years ago

2004-03-03 05:00:00

Last updated 7 years ago

2017-07-11 01:29:00

Affected Software

Checkpoint Firewall-1

References

20040205 Two checkpoint fw-1/vpn-1 vulns

http://www.checkpoint.com/techsupport/alerts/security_server.html

O-072

VU#790771

Patch, Third Party Advisory, US Government Resource

9581

Patch, Vendor Advisory

TA04-036A

US Government Resource

20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities

fw1-format-string(14149)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.