Check.Point.HTTP.AI.SD.Scheme.Format.String

Description

This indicates an attempt to exploit a vulnerability in the HTTP Application Intelligence and HTTP Security Server components of Check Point FireWall-1.
Requests to Check Point VPN-1 products during negotiation of a VPN tunnel may cause a buffer overrun, potentially compromising the gateway. When handling certain invalid HTTP requests, the affected component generates an error message through a call to sprintf(). An attacker can manipulate the format string passed to that function to execute arbitrary code. It is possible for a remote attacker to gain access to the system with administrative privileges.
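
The coding pattern behind this class of flaw and its hardened form, as an added example (not Check Point's code). It assumes the rejected part of the request is the URI scheme, as the signature name suggests; all function names and the sample URIs are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy the URI scheme (text before "://") into scheme. 0 on success, -1 if absent or too long. */
int extract_scheme(const char *uri, char *scheme, size_t len)
{
    const char *sep = strstr(uri, "://");
    if (sep == NULL || sep == uri || (size_t)(sep - uri) >= len)
        return -1;
    memcpy(scheme, uri, (size_t)(sep - uri));
    scheme[sep - uri] = '\0';
    return 0;
}

/* Case-insensitive allowlist: only http and https pass. */
int scheme_allowed(const char *scheme)
{
    char lower[8] = {0};
    size_t i, n = strlen(scheme);
    for (i = 0; i < n && i < sizeof lower - 1; i++)
        lower[i] = (char)tolower((unsigned char)scheme[i]);
    return n < sizeof lower && (strcmp(lower, "http") == 0 || strcmp(lower, "https") == 0);
}

/* Unsafe pattern from the description (comment only): sprintf(msg, scheme);
 * Hardened form: constant format, request text as a %s argument, output
 * bounded by len. Returns 0 if the message fit, -1 if truncated. */
int format_scheme_error(char *msg, size_t len, const char *scheme)
{
    int n = snprintf(msg, len, "Invalid URI scheme: \"%s\"", scheme);
    return (n >= 0 && (size_t)n < len) ? 0 : -1;
}

/* Returns 1 if the URI is accepted, 0 if rejected (msg then holds the error text). */
int check_request_uri(const char *uri, char *msg, size_t len)
{
    char scheme[32];
    msg[0] = '\0';
    if (extract_scheme(uri, scheme, sizeof scheme) != 0) {
        snprintf(msg, len, "Missing or oversized URI scheme");
        return 0;
    }
    if (scheme_allowed(scheme))
        return 1;
    format_scheme_error(msg, len, scheme);
    return 0;
}
```

With the constant format string, conversion directives in the request are copied into the error message as literal text rather than interpreted.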

Affected Products

VPN-1/FireWall-1 NG with Application Intelligence R55
VPN-1/FireWall-1 NG with Application Intelligence R54
VPN-1/FireWall-1 Next Generation FP3
VPN-1 SecuRemote/SecureClient NG with Application Intelligence R56/R55
Provider-1 NG with Application Intelligence R55
Provider-1 NG with Application Intelligence R54
FireWall-1 GX 2.5
FireWall-1 GX 2.0
SSL Network Extender
VPN-1/FireWall-1 VSX NG with Application Intelligence
VPN-1/FireWall-1 VSX 2.0.1
VPN-1/FireWall-1 SmallOffice NG FP3

Impact

Remote code execution, system compromise.

Recommended Actions

Apply the appropriate update or patch from the vendor:
http://www.checkpoint.com/services/techsupport/alerts/asn1.html

Telemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)