Vulnerability Description
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Checkpoint | Firewall-1 | All versions |
References
- http://marc.info/?l=bugtraq&m=107604682227031&w=2
- http://www.checkpoint.com/techsupport/alerts/security_server.html
- http://www.ciac.org/ciac/bulletins/o-072.shtml
- http://www.kb.cert.org/vuls/id/790771PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/9581PatchVendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA04-036A.htmlUS Government Resource
- http://xforce.iss.net/xforce/alerts/id/162
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14149
- http://marc.info/?l=bugtraq&m=107604682227031&w=2
- http://www.checkpoint.com/techsupport/alerts/security_server.html
- http://www.ciac.org/ciac/bulletins/o-072.shtml
- http://www.kb.cert.org/vuls/id/790771PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/9581PatchVendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA04-036A.htmlUS Government Resource
- http://xforce.iss.net/xforce/alerts/id/162
FAQ
What is CVE-2004-0039?
CVE-2004-0039 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1...
How severe is CVE-2004-0039?
CVE-2004-0039 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0039?
Check the references section above for vendor advisories and patch information. Affected products include: Checkpoint Firewall-1.