Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2004-0039
Description:Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
Test IDs: 1.3.6.1.4.1.25623.1.0.12084  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2004-0039
BugTraq ID: 9581
http://www.securityfocus.com/bid/9581
Bugtraq: 20040205 Two checkpoint fw-1/vpn-1 vulns (Google Search)
http://marc.info/?l=bugtraq&m=107604682227031&w=2
Cert/CC Advisory: TA04-036A
http://www.us-cert.gov/cas/techalerts/TA04-036A.html
CERT/CC vulnerability note: VU#790771
http://www.kb.cert.org/vuls/id/790771
Computer Incident Advisory Center Bulletin: O-072
http://www.ciac.org/ciac/bulletins/o-072.shtml
ISS Security Advisory: 20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
http://xforce.iss.net/xforce/alerts/id/162
XForce ISS Database: fw1-format-string(14149)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14149




© 1998-2024 E-Soft Inc. All rights reserved.