CVE-2004-0039

Name of the Vulnerable Software and Affected Versions Check Point Firewall-1 NG-AI versions R54 through R55 Check Point Firewall-1 HTTP Security Server included with NG FP1 through FP3

Description The issue allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message. This can be demonstrated using the scheme of a URI.

Recommendations For Check Point Firewall-1 NG-AI versions R54 through R55, update to a version that includes the fix for this issue. For Check Point Firewall-1 HTTP Security Server included with NG FP1 through FP3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the HTTP Application Intelligence component until a patch is available.