Vulnerability-Lookup

CVE-2004-0039 (GCVE-0-2004-0039)

Vulnerability from cvelistv5 – Published: 2004-02-11 05:00 – Updated: 2024-08-08 00:01

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://xforce.iss.net/xforce/alerts/id/162	third-party-advisoryx_refsource_ISS
	http://www.kb.cert.org/vuls/id/790771	third-party-advisoryx_refsource_CERT-VN
	http://marc.info/?l=bugtraq&m=107604682227031&w=2	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.ciac.org/ciac/bulletins/o-072.shtml	third-party-advisorygovernment-resourcex_refsource_CIAC
	http://www.checkpoint.com/techsupport/alerts/secu…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/9581	vdb-entryx_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA04-036A.html	third-party-advisoryx_refsource_CERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://xforce.iss.net/xforce/alerts/id/162"
          },
          {
            "name": "VU#790771",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/790771"
          },
          {
            "name": "20040205 Two checkpoint fw-1/vpn-1 vulns",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
          },
          {
            "name": "fw1-format-string(14149)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
          },
          {
            "name": "O-072",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
          },
          {
            "name": "9581",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9581"
          },
          {
            "name": "TA04-036A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://xforce.iss.net/xforce/alerts/id/162"
        },
        {
          "name": "VU#790771",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/790771"
        },
        {
          "name": "20040205 Two checkpoint fw-1/vpn-1 vulns",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
        },
        {
          "name": "fw1-format-string(14149)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
        },
        {
          "name": "O-072",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
        },
        {
          "name": "9581",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9581"
        },
        {
          "name": "TA04-036A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities",
              "refsource": "ISS",
              "url": "http://xforce.iss.net/xforce/alerts/id/162"
            },
            {
              "name": "VU#790771",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/790771"
            },
            {
              "name": "20040205 Two checkpoint fw-1/vpn-1 vulns",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
            },
            {
              "name": "fw1-format-string(14149)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
            },
            {
              "name": "O-072",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
            },
            {
              "name": "http://www.checkpoint.com/techsupport/alerts/security_server.html",
              "refsource": "CONFIRM",
              "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
            },
            {
              "name": "9581",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9581"
            },
            {
              "name": "TA04-036A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0039",
    "datePublished": "2004-02-11T05:00:00",
    "dateReserved": "2004-01-07T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-0039\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-03-03T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de cadena de formato en el componente HTTP Application Intelligence (IA) de Checkpoint Firewall-1 NG-AI R55 y R54, y  Checkpoint Firewall-1 HTTP Security Server incluido con NG FP1, FP2, y FP3  permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante peticiones HTTP que hacen que se utilicen especificadores de cadena de formato en un mensaje de error, como se ha demastrado usando el esquema de una URI.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:firewall-1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85711114-A402-4B53-AA91-DC66937606F1\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.checkpoint.com/techsupport/alerts/security_server.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ciac.org/ciac/bulletins/o-072.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/790771\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/9581\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA04-036A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/162\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14149\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.checkpoint.com/techsupport/alerts/security_server.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ciac.org/ciac/bulletins/o-072.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/790771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/9581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA04-036A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2004-0039

Vulnerability from fkie_nvd - Published: 2004-03-03 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=107604682227031&w=2
cve@mitre.org	http://www.checkpoint.com/techsupport/alerts/security_server.html
cve@mitre.org	http://www.ciac.org/ciac/bulletins/o-072.shtml
cve@mitre.org	http://www.kb.cert.org/vuls/id/790771	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/9581	Patch, Vendor Advisory
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA04-036A.html	US Government Resource
cve@mitre.org	http://xforce.iss.net/xforce/alerts/id/162
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/14149
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=107604682227031&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.checkpoint.com/techsupport/alerts/security_server.html
af854a3a-2127-422b-91ae-364da2661108	http://www.ciac.org/ciac/bulletins/o-072.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/790771	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/9581	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA04-036A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://xforce.iss.net/xforce/alerts/id/162
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/14149

Impacted products

	Vendor	Product	Version
	checkpoint	firewall-1	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85711114-A402-4B53-AA91-DC66937606F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cadena de formato en el componente HTTP Application Intelligence (IA) de Checkpoint Firewall-1 NG-AI R55 y R54, y  Checkpoint Firewall-1 HTTP Security Server incluido con NG FP1, FP2, y FP3  permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante peticiones HTTP que hacen que se utilicen especificadores de cadena de formato en un mensaje de error, como se ha demastrado usando el esquema de una URI."
    }
  ],
  "id": "CVE-2004-0039",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/790771"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9581"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://xforce.iss.net/xforce/alerts/id/162"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/790771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://xforce.iss.net/xforce/alerts/id/162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7877-QXPP-QJH5

Vulnerability from github – Published: 2022-04-29 02:57 – Updated: 2022-04-29 02:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-0039"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-03-03T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.",
  "id": "GHSA-7877-qxpp-qjh5",
  "modified": "2022-04-29T02:57:01Z",
  "published": "2022-04-29T02:57:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0039"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/790771"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/9581"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html"
    },
    {
      "type": "WEB",
      "url": "http://xforce.iss.net/xforce/alerts/id/162"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200403-0025

Vulnerability from variot - Updated: 2025-04-03 20:55

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. Check Point Firewall-1 is a high-performance firewall. An unsuccessful attack will destroy all connected HTTP sessions and stop WEB communication. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

HTTP Parsing Vulnerabilities in Check Point Firewall-1

Original release date: February 05, 2004 Last revised: -- Source: US-CERT

A complete revision history can be found at the end of this file. This allows the attacker to take control of the firewall, and in some cases, to also control the server it runs on.

I. Description

The Application Intelligence (AI) component of Check Point Firewall-1 is an application proxy that scans traffic for application layer attacks once it has passed through the firewall at the network level. Earlier versions of Firewall-1 include the HTTP Security Server, which provides similar functionality. When Firewall-1 generates an error message in response to the invalid request, a portion of the input supplied by the attacker is included in the format string for a call to sprintf().

Researchers at Internet Security Systems have determined that it is possible to exploit this format string vulnerability to execute commands on the firewall. For more information, please see the ISS advisory at:

      http://xforce.iss.net/xforce/alerts/id/162

The CERT/CC is tracking this issue as VU#790771. This reference number corresponds to CVE candidate CAN-2004-0039.

II. Failed attempts to exploit this vulnerability may cause the firewall to crash.

III. It is unclear at this time whether there are other attack vectors that may still allow exploitation of the underlying software defect. Therefore, affected sites may be able to limit their exposure to this vulnerability by disabling HTTP Security Servers or the Application Intelligence component, as appropriate. ___________

This vulnerability was discovered and researched by Mark Dowd of ISS X-Force. ___________

This document was written by Jeffrey P. Lanza. ___________

This document is available from: http://www.us-cert.gov/cas/techalerts/TA04-036A.html ___________

Revision History Feb 05, 2004: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAIsBMXlvNRxAkFWARApI0AKD4vWl9qb4hYtEr+zlkUScaY3PFcwCfRXcG pglRULK2zVbnACsvG9+BEog= =6SAE -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200403-0025",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "*"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "ng fp2"
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "ng fp3"
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "ng with application intelligence"
      },
      {
        "model": "vpn-1/firewall-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "ng with application intelligence (r55)"
      },
      {
        "model": "firewall-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "checkpoint",
        "version": null
      },
      {
        "model": "point software nokia voyager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software ng-ai r55",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software ng-ai r54",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software ng-ai",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3 hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3 hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#790771"
      },
      {
        "db": "BID",
        "id": "9581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0039"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:checkpoint:vpn-1_firewall-1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mark Dowd",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-0039",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2004-0039",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-8469",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2004-0039",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#790771",
            "trust": 0.8,
            "value": "17.10"
          },
          {
            "author": "NVD",
            "id": "CVE-2004-0039",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200403-032",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-8469",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#790771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8469"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0039"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. Check Point Firewall-1 is a high-performance firewall. An unsuccessful attack will destroy all connected HTTP sessions and stop WEB communication. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nHTTP Parsing Vulnerabilities in Check Point Firewall-1\n\n   Original release date: February 05, 2004\n   Last revised: --\n   Source: US-CERT\n\n   A complete revision history can be found at the end of this file. This allows the attacker to take control of the firewall,\n   and in some cases, to also control the server it runs on. \n\nI. Description\n\n   The Application Intelligence (AI) component of Check Point Firewall-1\n   is an application proxy that scans traffic for application layer\n   attacks once it has passed through the firewall at the network level. \n   Earlier versions of Firewall-1 include the HTTP Security Server, which\n   provides similar functionality. When Firewall-1 generates an error message in\n   response to the invalid request, a portion of the input supplied by the\n   attacker is included in the format string for a call to sprintf(). \n\n   Researchers at Internet Security Systems have determined that it is\n   possible to exploit this format string vulnerability to execute\n   commands on the firewall. For more information, please\n   see the ISS advisory at:\n\n          http://xforce.iss.net/xforce/alerts/id/162\n\n   The CERT/CC is tracking this issue as VU#790771. This reference number\n   corresponds to CVE candidate CAN-2004-0039. \n\nII. Failed attempts to exploit this vulnerability may cause the\n   firewall to crash. \n\nIII. It is unclear at this time whether there\n   are other attack vectors that may still allow exploitation of the\n   underlying software defect. \n   Therefore, affected sites may be able to limit their exposure to this\n   vulnerability by disabling HTTP Security Servers or the Application\n   Intelligence component, as appropriate. \n     _________________________________________________________________\n\n   This vulnerability was discovered and researched by Mark Dowd of ISS\n   X-Force. \n     _________________________________________________________________\n\n   This document was written by Jeffrey P. Lanza. \n     _________________________________________________________________\n\n   This document is available from:\n   http://www.us-cert.gov/cas/techalerts/TA04-036A.html\n     _________________________________________________________________\n\n   Copyright 2004 Carnegie Mellon University. \n\n   Revision History\n   Feb 05, 2004:  Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niD8DBQFAIsBMXlvNRxAkFWARApI0AKD4vWl9qb4hYtEr+zlkUScaY3PFcwCfRXcG\npglRULK2zVbnACsvG9+BEog=\n=6SAE\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0039"
      },
      {
        "db": "CERT/CC",
        "id": "VU#790771"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      },
      {
        "db": "BID",
        "id": "9581"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8469"
      },
      {
        "db": "PACKETSTORM",
        "id": "32633"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#790771",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0039",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "9581",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA04-036A",
        "trust": 2.6
      },
      {
        "db": "XF",
        "id": "14149",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "10794",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA04-036A",
        "trust": 0.6
      },
      {
        "db": "ISS",
        "id": "20040204 CHECKPOINT FIREWALL-1 HTTP PARSING FORMAT STRING VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "1",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040205 TWO CHECKPOINT FW-1/VPN-1 VULNS",
        "trust": 0.6
      },
      {
        "db": "CIAC",
        "id": "O-072",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-8469",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "32633",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#790771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8469"
      },
      {
        "db": "BID",
        "id": "9581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      },
      {
        "db": "PACKETSTORM",
        "id": "32633"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0039"
      }
    ]
  },
  "id": "VAR-200403-0025",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8469"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T20:55:50.026000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FireWall-1 HTTP Security Server Vulnerability",
        "trust": 0.8,
        "url": "http://www.checkpoint.com/services/techsupport/alerts/security_server.html"
      },
      {
        "title": "FireWall-1 HTTP \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30b5\u30fc\u30d0\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "http://www.checkpoint.co.jp/techsupport/alerts/security_server.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0039"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.7,
        "url": "http://xforce.iss.net/xforce/alerts/id/162"
      },
      {
        "trust": 2.9,
        "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
      },
      {
        "trust": 2.6,
        "url": "http://www.us-cert.gov/cas/techalerts/ta04-036a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/9581"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/790771"
      },
      {
        "trust": 2.5,
        "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
      },
      {
        "trust": 2.2,
        "url": "http://xforce.iss.net/xforce/xfdb/14149"
      },
      {
        "trust": 1.2,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=107604682227031\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://www.secunia.com/advisories/10794/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0039"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr040601.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta04-036a"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta04-036a"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0039"
      },
      {
        "trust": 0.8,
        "url": "http://www.isskk.co.jp/support/techinfo/general/checkpoint_fw1_162.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.checkpoint.com/techsupport/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=107604682227031\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#790771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8469"
      },
      {
        "db": "BID",
        "id": "9581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      },
      {
        "db": "PACKETSTORM",
        "id": "32633"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0039"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#790771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8469"
      },
      {
        "db": "BID",
        "id": "9581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      },
      {
        "db": "PACKETSTORM",
        "id": "32633"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0039"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-02-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#790771"
      },
      {
        "date": "2004-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8469"
      },
      {
        "date": "2004-02-05T00:00:00",
        "db": "BID",
        "id": "9581"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      },
      {
        "date": "2004-02-06T00:08:00",
        "db": "PACKETSTORM",
        "id": "32633"
      },
      {
        "date": "2004-02-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      },
      {
        "date": "2004-03-03T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-0039"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-04-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#790771"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8469"
      },
      {
        "date": "2009-07-12T02:06:00",
        "db": "BID",
        "id": "9581"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000032"
      },
      {
        "date": "2006-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2004-0039"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "32633"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HTTP Parsing Vulnerabilities in Check Point Firewall-1",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#790771"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-032"
      }
    ],
    "trust": 0.6
  }
}

GSD-2004-0039

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2004-0039

Aliases

CVE-2004-0039

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-0039",
    "description": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.",
    "id": "GSD-2004-0039"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-0039"
      ],
      "details": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.",
      "id": "GSD-2004-0039",
      "modified": "2023-12-13T01:22:54.617075Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-0039",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities",
            "refsource": "ISS",
            "url": "http://xforce.iss.net/xforce/alerts/id/162"
          },
          {
            "name": "VU#790771",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/790771"
          },
          {
            "name": "20040205 Two checkpoint fw-1/vpn-1 vulns",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
          },
          {
            "name": "fw1-format-string(14149)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
          },
          {
            "name": "O-072",
            "refsource": "CIAC",
            "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
          },
          {
            "name": "http://www.checkpoint.com/techsupport/alerts/security_server.html",
            "refsource": "CONFIRM",
            "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
          },
          {
            "name": "9581",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/9581"
          },
          {
            "name": "TA04-036A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0039"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#790771",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/790771"
            },
            {
              "name": "9581",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/9581"
            },
            {
              "name": "20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities",
              "refsource": "ISS",
              "tags": [],
              "url": "http://xforce.iss.net/xforce/alerts/id/162"
            },
            {
              "name": "http://www.checkpoint.com/techsupport/alerts/security_server.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html"
            },
            {
              "name": "TA04-036A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html"
            },
            {
              "name": "O-072",
              "refsource": "CIAC",
              "tags": [],
              "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml"
            },
            {
              "name": "20040205 Two checkpoint fw-1/vpn-1 vulns",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2"
            },
            {
              "name": "fw1-format-string(14149)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:29Z",
      "publishedDate": "2004-03-03T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2004-0039 (GCVE-0-2004-0039)

FKIE_CVE-2004-0039

GHSA-7877-QXPP-QJH5

VAR-200403-0025

GSD-2004-0039

Tags

Sightings

Nomenclature