CVE-2004-0039

Опубликовано: 03 мар. 2004

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.

Ссылки

http://marc.info/?l=bugtraq&m=107604682227031&w=2
http://www.checkpoint.com/techsupport/alerts/security_server.html
http://www.ciac.org/ciac/bulletins/o-072.shtml
http://www.kb.cert.org/vuls/id/790771
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/9581
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-036A.html
US Government Resource
http://xforce.iss.net/xforce/alerts/id/162
https://exchange.xforce.ibmcloud.com/vulnerabilities/14149
http://marc.info/?l=bugtraq&m=107604682227031&w=2
http://www.checkpoint.com/techsupport/alerts/security_server.html
http://www.ciac.org/ciac/bulletins/o-072.shtml
http://www.kb.cert.org/vuls/id/790771
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/9581
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-036A.html
US Government Resource
http://xforce.iss.net/xforce/alerts/id/162
https://exchange.xforce.ibmcloud.com/vulnerabilities/14149

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:checkpoint:firewall-1:*:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.41483

Средний

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7877-qxpp-qjh5

github

больше 3 лет назад