Check Point FireWall-1 4.x Multiple Vulnerabilities (OF, FS)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server has a denial of service vulnerability.

Description :

The remote Check Point Firewall web server crashes when sent a
specially formatted HTTP request. A remote attacker could use this to
crash the web server, or possibly execute arbitrary code.

This bug is a solid indicator that the server is vulnerable to several
other Check Point FW-1 4.x bugs that Nessus did not check for.

See also :

http://www.nessus.org/u?c281a3fa

Solution :

Apply the configurationn change referenced in the vendor's advisory.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: Firewalls

Nessus Plugin ID: 12084 (checkpoint_format.nasl)

Bugtraq ID: 10820
9581

CVE ID: CVE-2004-0039
CVE-2004-0699