Signature Detail

HTTP: Format String in URL Variable

This signature detects attempts to exploit a known vulnerability against multiple Web servers. A successful attack can lead to arbitrary code execution.

Extended Description

Problems in the handling of some types of HTTP requests from remote users have been identified in Check Point Firewall-1 HTTP Application Intelligence and HTTP Security Server. Because of this, it is possible for a remote attacker to gain unauthorized access to a vulnerable system with administrative privileges.

Affected Products

• Check Point Software Firewall-1 4.1.0
• Check Point Software Firewall-1 4.1.0 SP1
• Check Point Software Firewall-1 4.1.0 SP2
• Check Point Software Firewall-1 4.1.0 SP3
• Check Point Software Firewall-1 4.1.0 SP4
• Check Point Software Firewall-1 4.1.0 SP5
• Check Point Software Firewall-1 4.1.0 SP6
• Check Point Software Firewall-1
• Check Point Software FireWall-1 R55W HFA3
• Check Point Software Next Generation FP1
• Check Point Software Next Generation FP2
• Check Point Software Next Generation FP3
• Check Point Software Next Generation FP3 HF1
• Check Point Software Next Generation FP3 HF2
• Check Point Software NG-AI R54
• Check Point Software NG-AI R55
• Check Point Software NG-AI
• Check Point Software Nokia Voyager 4.1

References

• BugTraq: 27990
• CVE: CVE-2004-0039
• CVE: CVE-2008-1055
• URL: http://www.milw0rm.com/exploits/7785