VAR-200212-0665

Vulnerability from variot - Updated: 2025-04-03 19:45

Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.

Firewall-1 is an enterprise-level firewall package distributed by Check Point Technologies. It is available for the Unix, Linux, and Microsoft Windows platforms.

It has been reported that Firewall-1 does not properly check the contents of sessions passed through the HTTP proxy server. A remote user who can reach the proxy server through an authenticated user account can pass protocols through the system that violate the security policy. These protocols include FTP and HTTPS. This vulnerability also affects the HTTPS proxy for Firewall-1. Remote attackers can use it to communicate externally through the HTTP proxy server using multiple protocols.

The issue arises when FW-1 is installed "out of the box" and configured with the following rules:

Source            Destination  Service  Action    Track
AllUsers@SomeNet  webserver    http     UserAuth  Long   Allow Auth HTTP
Any               firewall     Any      drop      Long   Stealth Rule
Any               Any          Any      drop      Long   CleanUp Rule

When Firewall-1 operates with UserAuth, the communication is handled by a security service module; for an HTTP proxy, this is the HTTP security service module (in.ahttpd). However, the default HTTP security service module does not correctly inspect the session content, so an authenticated user can communicate through this proxy server using other protocols, such as HTTPS and FTP.

Firewall-1 with SP6 makes some corrections for this issue. On an SP6 system installed by default, if only the HTTP protocol is allowed to pass through, using the HTTPS protocol to access a site may cause rule conflicts and access failures, and error information is written to the log files. FTP communication, however, is still possible through the HTTP proxy service.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0665",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "4.1"
      },
      {
        "model": "firewall-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "ng"
      },
      {
        "model": "point software nokia voyager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "5744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2405"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mark van Gelder\u203b vgelder@icon.co.za",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-2405",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2002-2405",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-6788",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2002-2405",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200212-522",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-6788",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2405"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall. Firewall-1 is an enterprise level firewall package distributed by Check Point Technologies.  It is available for the Unix, Linux, and Microsoft Windows platforms. \nIt has been reported that Firewall-1 does not properly check the contents of sessions when passed through the HTTP proxy server.  It is possible for a remote user with access to the proxy server through an authenticated user account to pass protocols through the system that violate security policy.  These protocols include FTP, and HTTPS.  It should also be noted that this vulnerability affects the HTTPS proxy for Firewall-1. Remote attackers can use this vulnerability to communicate externally through the HTTP proxy server using multiple protocols. When FW-1 is installed using \\\"out the box\\\" and set with the following rules: Source Destination Service Action Track AllUsers@SomeNet webserver http UserAuth Long Allow Auth HTTP Any firewall Any drop Long Stealth Rule Any Any Any drop Long CleanUp Rule When Firewall-1 operates using UserAuth, the communication is handled by the security service module, and in the case of an HTTP proxy, by the HTTP security service module (in.ahttpd). However, the default HTTP security service module lacks correct inspection of the session content, which can cause the authenticated user to communicate through this proxy server using different protocols such as (HTTPS, FTP). Firewall-1 using SP6 has made some corrections on this issue. For the SP6 system installed by default, if the HTTP protocol is only allowed to pass through, using the HTTPS protocol to access the site may cause rule conflicts and access failures, and error Information is logged to log files, but FTP protocol communications are still accessible through the HTTP proxy service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-2405"
      },
      {
        "db": "BID",
        "id": "5744"
      },
      {
        "db": "VULHUB",
        "id": "VHN-6788"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "5744",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2405",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "1",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20020918 FIREWALL-1 ?HTTP SECURITY SERVER - PROXY VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "3586",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-6788",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6788"
      },
      {
        "db": "BID",
        "id": "5744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2405"
      }
    ]
  },
  "id": "VAR-200212-0665",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6788"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T19:45:49.566000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6788"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2405"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/5744"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0219.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/10139.php"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/3586"
      },
      {
        "trust": 0.3,
        "url": "http://www.checkpoint.com/techsupport/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-6788"
      },
      {
        "db": "BID",
        "id": "5744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2405"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-6788"
      },
      {
        "db": "BID",
        "id": "5744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-2405"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-6788"
      },
      {
        "date": "2002-09-18T00:00:00",
        "db": "BID",
        "id": "5744"
      },
      {
        "date": "2002-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      },
      {
        "date": "2002-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2002-2405"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-6788"
      },
      {
        "date": "2002-09-18T00:00:00",
        "db": "BID",
        "id": "5744"
      },
      {
        "date": "2002-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2002-2405"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Check Point Firewall-1 HTTP Proxy Server Unauthorized Protocol Access Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "5744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-522"
      }
    ],
    "trust": 0.6
  }
}


Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
