Lucene search

1281 matches found

exploitpack
added 2009/03/30 12:00 a.m., 16 views

Check Point Firewall-1 - PKI Web Service HTTP Header Remote Overflow

Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow - Description: The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long...

0.5 AI score
Exploits: 0

Packet Storm
added 2009/03/30 12:00 a.m., 30 views

Check Point Firewall-1 Overflow

Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow - Description: The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client...

0.4 AI score
Exploits: 0

0day.today
added 2009/03/30 12:00 a.m., 24 views

Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow

Exploit for hardware platform in category dos / poc. Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow - Check Point Firewall-1 PKI Web Service HTT...

7 AI score
Exploits: 0

Exploit DB
added 2009/03/30 12:00 a.m., 41 views

Check Point Firewall-1 - PKI Web Service HTTP Header Remote Overflow

Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow - Description: The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client...

7.4 AI score
Exploits: 0

Prion
added 2009/01/28 3:30 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3 CVSS, 6 AI score, 0.01022 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2009/01/28 3:30 p.m., 10 views

CVE-2008-5994

Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3 CVSS, 5.6 AI score, 0.01022 EPSS
Exploits: 0, References: 3

CVE
added 2009/01/28 3:00 p.m., 85 views

CVE-2008-5994

CVE-2008-5994 is an XSS vulnerability in Check Point Connectra NGX R62 HFA_01 (index.php) exploitable via the dir parameter. The root cause is inadequate sanitization of dir, allowing remote script/HTML injection. Impact details cited show partial integrity impact with no confidentiality or avail...

4.3 CVSS, 5.7 AI score, 0.01022 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2009/01/28 3:00 p.m., 14 views

CVE-2008-5994

Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

5.6 AI score, 0.01022 EPSS
Exploits: 0, References: 3

seebug.org
added 2009/01/07 12:00 a.m., 95 views

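Checkpoint VPN-1 PAT Information Disclosure Vulnerability

CVE(CAN) ID: CVE-2008-5849 CheckPoint firewall/VPN solutions provide organizations with network infrastructure and information security protection. For CheckPoint VPN-1 firewalls with Port Address Translation (PAT) enabled, if a remote attacker sends a packet with a very low TTL value to port 18264/tcp of the firewall, an ICMP_TIMXCEED_INTRANS response can be triggered, and the encapsulated IP packet in the response contains the internal IP address, as shown below: 14:56:25.169480 IP tos 0xe0, ttl 255, id 21407, offset 0, flags none, proto: ICMP 1, length: 68...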

5 CVSS, 6.4 AI score, 0.01618 EPSS
Exploits: 2

Prion
added 2009/01/06 5:30 p.m., 16 views

Code injection

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet...

5 CVSS, 7.2 AI score, 0.01618 EPSS
Exploits: 2, References: 7, Affected Software: 1

NVD
added 2009/01/06 5:30 p.m., 37 views

CVE-2008-5849

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet...

5 CVSS, 6.6 AI score, 0.01618 EPSS
Exploits: 2, References: 7

Prion
added 2009/01/06 5:30 p.m., 6 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was originally recorded for a "SPLAT Remote Root Exploit" that was claimed to exist for Check Point SmartCenter. The claim has no actionable details and was disclosed by a person of unknown reliability who...

7.1 AI score
Exploits: 0

Cvelist
added 2009/01/06 5:00 p.m., 22 views

CVE-2008-5849

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet...

6.6 AI score, 0.01618 EPSS
Exploits: 2, References: 7

CVE
added 2009/01/06 5:00 p.m., 37 views

CVE-2008-5850

This CVE entry is rejected/not used and does not represent an active vulnerability.

6.6 AI score
Exploits: 0

CVE
added 2009/01/06 5:00 p.m., 116 views

CVE-2008-5849

CVE-2008-5849 affects Check Point VPN-1 with Port Address Translation (PAT) enabled (notably Check Point VPN-1 R55 and R65). The issue is information disclosure: an attacker can remotely send a crafted packet to the firewall management port (18264/tcp) and trigger an ICMP_TIMXCEED_INTRANS respons...

5 CVSS, 6.8 AI score, 0.01618 EPSS
Exploits: 2, References: 7, Affected Software: 1

CheckPoint Security
added 2008/11/21 12:00 a.m., 38 views

Check Point Response to CVE-2008-5161 - OpenSSH CBC mode information disclosure vulnerability

Cause: This weakness could allow an attacker who is able to inject arbitrary data into an SSH session to recover up to 32 bits (4 bytes) of data by causing an error condition. This attack method causes the SSH session to terminate and therefore cannot be used to obtain arbitrary amounts of data from...

2.6 CVSS, 6.4 AI score, 0.15395 EPSS
Exploits: 1

CheckPoint Security
added 2008/11/17 10:00 p.m., 24 views

Check Point response to "VPN-1 PAT information disclosure" vulnerability (CVE-2008-5849)

...

5 CVSS, 1.2 AI score, 0.01618 EPSS
Exploits: 2, Affected Software: 1

seebug.org
added 2008/11/17 12:00 a.m., 41 views

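Check Point VPN-1 Firewall Products Port Address Translation Information Disclosure Vulnerability

BUGTRAQ ID: 32306 Check Point VPN-1 Power and UTM are both firewall products developed by Check Point. If a crafted packet sent by a remote attacker to VPN-1 Power or UTM is mapped by Port Address Translation (PAT) to a port on an internal device, the generated ICMP error message may contain information about the internal network. If the time-to-live (TTL) is set too low, these firewall products fail to correctly filter the encapsulated IP header in the ICMP message, leaking internal IP addresses. Check Point Software VPN-1 UTM NGX R65 Check Point Software VPN-1 Power Check Poin...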

6.9 AI score
Exploits: 0

OpenVAS
added 2008/11/05 12:00 a.m., 185 views

Check Point VPN-1 PAT Information Disclosure Vulnerability - Active Check

Check Point VPN-1 PAT is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2008 Tim Brown and Portcullis Computer Security Ltd. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

5 CVSS, 6.2 AI score, 0.01618 EPSS
Exploits: 2, References: 1

CheckPoint Security
added 2008/07/05 9:00 p.m., 24 views

Check Point response to DNS poisoning vulnerability CVE-2008-1447

...

5 CVSS, 1.5 AI score, 0.95182 EPSS
Exploits: 20, Affected Software: 1