Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

VIGILANTE-2000005.txt

🗓️ 15 Aug 2000 00:00:00Reported by VigilanteType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Vulnerability in Watchguard Firebox allows DoS via malformed URLs on TCP port 4100.

Code
`Watchguard Firebox Authentication DoS  
  
Advisory Code: VIGILANTE-2000005  
  
Release Date:  
August 15, 2000  
  
Systems Affected:  
Tested on the newest version of the Watchguard Firebox II (that was on the  
22nd of June), but it is very likely that this bug exists in all prior  
versions that include the authentication service (TCP port 4100).  
  
THE PROBLEM  
Sending a malformed URL to the authentication service running on TCP port  
4100, causes it to shut down and requires a reboot of the Watchguard for it  
to work again.  
  
Vendor Status:  
Vendor was informed of the problem, and have been very cooperative in  
getting a patch developed for the problem. According to the vendor the  
problem is not caused by a buffer overflow.  
  
Fix (quote from the vendor):  
"all current WatchGuard LiveSecurity Subscribers have been  
sent the Service Pack that addresses this issue. Copies of this  
Service Pack can be downloaded from the WatchGuard LiveSecurity  
Archive. To log into the archive, go to  
http://www.watchguard.com/support. A work around that addresses the  
vulnerability from the external interface is to disable Authentication  
to the Firebox from the external interface. Upstream routers can also  
be used to control access to this service if access to the  
Authentication applet is required from the external interface and you  
do not wish to install the patch. For obvious reasons, these are  
sub-optimal solutions."  
  
Vendor URL: http://www.watchguard.com  
Product URL: http://www.watchguard.com/products/fIImss.asp  
  
Copyright VIGILANTe 2000-08-15  
  
Disclaimer:  
The information within this document may change without notice. Use of  
this information constitutes acceptance for use in an AS IS  
condition. There are NO warranties with regard to this information.  
In no event shall the author be liable for any consequences whatsoever  
arising out of or in connection with the use or spread of this  
information. Any use of this information lays within the user's  
responsibility.  
  
Feedback:  
Please send suggestions, updates, and comments to:  
  
VIGILANTe  
mailto: [email protected]  
http://www.vigilante.com  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Aug 2000 00:00Current
7.4High risk
Vulners AI Score7.4
watchguard fireboxdenial of serviceauthentication vulnerabilityservice packpatch available.
23