HTTP: Authentication Format String Attack
This signature detects attempts to exploit a known vulnerability in some Web servers and Web proxies. Attackers can send user authentication that includes format strings to crash some Web servers, thereby creating a denial-of-service condition or enabling the attackers to take control of the firewall as root.
Extended Description
Problems in the handling of some types of HTTP requests from remote users have been identified in Check Point Firewall-1 HTTP Application Intelligence and HTTP Security Server. Because of this, it is possible for a remote attacker to gain unauthorized access to a vulnerable system with administrative privileges.
Affected Products
Check_point_software next_generation
References
BugTraq: 9581
CVE: CVE-2004-0039
URL: http://www.kb.cert.org/vuls/id/790771 http://www.checkpoint.com/techsupport/alerts/security_server.html
Short Name
HTTP:CHKP:AUTH-FMT-STR
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Attack Authentication CVE-2004-0039 Format String bid:9581
Release Date
02/26/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Check_point_software
CVSS Score
10.0