Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
CVE ID: | CVE-2004-0039 |
Description: | Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. |
Test IDs: | 1.3.6.1.4.1.25623.1.0.12084 |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0039 BugTraq ID: 9581 http://www.securityfocus.com/bid/9581 Bugtraq: 20040205 Two checkpoint fw-1/vpn-1 vulns (Google Search) http://marc.info/?l=bugtraq&m=107604682227031&w=2 Cert/CC Advisory: TA04-036A http://www.us-cert.gov/cas/techalerts/TA04-036A.html CERT/CC vulnerability note: VU#790771 http://www.kb.cert.org/vuls/id/790771 Computer Incident Advisory Center Bulletin: O-072 http://www.ciac.org/ciac/bulletins/o-072.shtml ISS Security Advisory: 20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities http://xforce.iss.net/xforce/alerts/id/162 XForce ISS Database: fw1-format-string(14149) https://exchange.xforce.ibmcloud.com/vulnerabilities/14149 |