CVE-2004-0039 Information
Description
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54 and Check Point Firewall-1 HTTP Security Server included with NG FP1 FP2 and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message as demonstrated using the scheme of a URI.
Reference
http://marc.info/?l=bugtraq&m=107604682227031&w=2 http://www.checkpoint.com/techsupport/alerts/security_server.html http://www.ciac.org/ciac/bulletins/o-072.shtml http://www.kb.cert.org/vuls/id/790771 http://www.securityfocus.com/bid/9581 http://www.us-cert.gov/cas/techalerts/TA04-036A.html http://xforce.iss.net/xforce/alerts/id/162 https://exchange.xforce.ibmcloud.com/vulnerabilities/14149
Share on: