HTTP: CheckPoint AI/SD Scheme Overflow
This signature detects attempts to exploit a known vulnerability in the CheckPoint AI/Smart Defense HTTP proxy engine. Attackers can send an overly long scheme to crash the proxy engine, creating a denial of service (DoS) or enabling the attackers to take control of the firewall as root. False positives can occur when Web servers use the ":" character in file names beyond the 13th character of the path.
Extended Description
Problems in the handling of some types of HTTP requests from remote users have been identified in Check Point Firewall-1 HTTP Application Intelligence and HTTP Security Server. Because of this, it is possible for a remote attacker to gain unauthorized access to a vulnerable system with administrative privileges.
Affected Products
Check_point_software next_generation
Short Name
HTTP:AUDIT:FW1-SCHEME-OF
Severity
Info
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
AI/SD CVE-2004-0039 CheckPoint Overflow Scheme bid:9581
Release Date
02/26/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Frequently
Vendors
Check_point_software
CVSS Score
10.0