NVD

Id
70508  
Name
CVE-2004-0039  
Description
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-07-18  
Published
2004-03-03  
Modified Date
2017-07-10  
Seq
2004-0039  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
363334 70508 CVE-2004-0039 20040205 Two checkpoint fw-1/vpn-1 vulns  View
363335 70508 CVE-2004-0039 http://www.checkpoint.com/techsupport/alerts/security_server.html  View
363336 70508 CVE-2004-0039 O-072  View
363337 70508 CVE-2004-0039 VU#790771  View
363338 70508 CVE-2004-0039 9581  View
363339 70508 CVE-2004-0039 TA04-036A  View
363340 70508 CVE-2004-0039 20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities  View
363341 70508 CVE-2004-0039 fw1-format-string(14149)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
62691 JVNDB-2004-000032 Check Point VPN-1/Firewall-1 HTTP Security Server の sprint() 関数におけるフォーマットストリングの脆弱性 Check Point VPN-1/Firewall-1 の HTTP Security Server には、特定の HTTP リクエストに対してエラーメッセージを生成する際に呼び出される sprint() 関数を不適切に取り扱うため、意図的に作成した HTTP リクエストを送りつけられることにより、フォーマットストリングの脆弱性が存在します。 CVE-2004-0039 8466 CVE-2004-0039 70508 10 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000032.html 2004-02-04 2007-04-01 View