var-200607-0417
Vulnerability from variot
Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264. Checkpoint FireWall-1 is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Information obtained may aid in further attacks. R55W HFA2 and prior versions are vulnerable to this issue. Check Point Firewall-1 is a high-performance firewall. This vulnerability can be exploited via basic HEX-encoded directory traversal strings.
Hardcore Disassembler / Reverse Engineer Wanted!
Want to work with IDA and BinDiff? Want to write PoC's and Exploits?
Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Check Point VPN/Firewall Directory Traversal Vulnerability
SECUNIA ADVISORY ID: SA21200
VERIFY ADVISORY: http://secunia.com/advisories/21200/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information
WHERE:
From remote
SOFTWARE: Check Point VPN-1/FireWall-1 NG with Application Intelligence (AI) http://secunia.com/product/2542/
DESCRIPTION: Pete Foster has reported a vulnerability in Check Point VPN-1/Firewall-1, which can be exploited by malicious people to disclose certain sensitive information.
An input validation error in the hard coded web server (port 18264/TCP) can be exploited to disclose the contents of certain files via directory traversal attacks.
SOLUTION: The vulnerability has reportedly been fixed in version R55W HFA03.
PROVIDED AND/OR DISCOVERED BY: Pete Foster
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2006-07/0419.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "firewall-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r55w"
},
{
"_id": null,
"model": "firewall-1",
"scope": "lt",
"trust": 0.8,
"vendor": "check point",
"version": "r55w"
},
{
"_id": null,
"model": "firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "hfa03"
},
{
"_id": null,
"model": "point software firewall-1 r55w hfa2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software firewall-1 r55w hfa1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software firewall-1 r55w",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software firewall-1 r55w hfa3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "19136"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-451"
},
{
"db": "NVD",
"id": "CVE-2006-3885"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:checkpoint:firewall-1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002923"
}
]
},
"credits": {
"_id": null,
"data": "Pete Foster pete@sec-tec.demon.co.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-451"
}
],
"trust": 0.6
},
"cve": "CVE-2006-3885",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-3885",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-19993",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3885",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2006-3885",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-451",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-19993",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19993"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-451"
},
{
"db": "NVD",
"id": "CVE-2006-3885"
}
]
},
"description": {
"_id": null,
"data": "Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264. Checkpoint FireWall-1 is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Information obtained may aid in further attacks. \nR55W HFA2 and prior versions are vulnerable to this issue. Check Point Firewall-1 is a high-performance firewall. This vulnerability can be exploited via basic HEX-encoded directory traversal strings. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCheck Point VPN/Firewall Directory Traversal Vulnerability\n\nSECUNIA ADVISORY ID:\nSA21200\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21200/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nExposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCheck Point VPN-1/FireWall-1 NG with Application Intelligence (AI)\nhttp://secunia.com/product/2542/\n\nDESCRIPTION:\nPete Foster has reported a vulnerability in Check Point\nVPN-1/Firewall-1, which can be exploited by malicious people to\ndisclose certain sensitive information. \n\nAn input validation error in the hard coded web server (port\n18264/TCP) can be exploited to disclose the contents of certain files\nvia directory traversal attacks. \n\nSOLUTION:\nThe vulnerability has reportedly been fixed in version R55W HFA03. \n\nPROVIDED AND/OR DISCOVERED BY:\nPete Foster\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/bugtraq/2006-07/0419.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3885"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002923"
},
{
"db": "BID",
"id": "19136"
},
{
"db": "VULHUB",
"id": "VHN-19993"
},
{
"db": "PACKETSTORM",
"id": "48608"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2006-3885",
"trust": 2.5
},
{
"db": "BID",
"id": "19136",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "21200",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-2965",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1290",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016563",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002923",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200607-451",
"trust": 0.7
},
{
"db": "XF",
"id": "27937",
"trust": 0.6
},
{
"db": "XF",
"id": "1",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060726 RE: CHECK POINT R55W DIRECTORY TRAVERSAL",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060724 CHECK POINT R55W DIRECTORY TRAVERSAL",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-19993",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48608",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19993"
},
{
"db": "BID",
"id": "19136"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002923"
},
{
"db": "PACKETSTORM",
"id": "48608"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-451"
},
{
"db": "NVD",
"id": "CVE-2006-3885"
}
]
},
"id": "VAR-200607-0417",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19993"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:49:11.883000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Latest Hotfix Accumulators (HFAs)",
"trust": 0.8,
"url": "http://www.checkpoint.com/downloads/latest/hfa/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002923"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3885"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19136"
},
{
"trust": 1.7,
"url": "http://www.sec-tec.co.uk/vulnerability/r55w_directory_traversal.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016563"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21200"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1290"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/440990/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/441495/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/2965"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27937"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3885"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3885"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27937"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/2965"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/440990/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/441495/100/0/threaded"
},
{
"trust": 0.3,
"url": "/archive/1/440990"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21200/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0419.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2542/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19993"
},
{
"db": "BID",
"id": "19136"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002923"
},
{
"db": "PACKETSTORM",
"id": "48608"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-451"
},
{
"db": "NVD",
"id": "CVE-2006-3885"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-19993",
"ident": null
},
{
"db": "BID",
"id": "19136",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002923",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "48608",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200607-451",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2006-3885",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-19993",
"ident": null
},
{
"date": "2006-07-24T00:00:00",
"db": "BID",
"id": "19136",
"ident": null
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002923",
"ident": null
},
{
"date": "2006-07-28T01:04:26",
"db": "PACKETSTORM",
"id": "48608",
"ident": null
},
{
"date": "2006-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-451",
"ident": null
},
{
"date": "2006-07-27T01:04:00",
"db": "NVD",
"id": "CVE-2006-3885",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-19993",
"ident": null
},
{
"date": "2006-07-27T22:57:00",
"db": "BID",
"id": "19136",
"ident": null
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002923",
"ident": null
},
{
"date": "2006-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-451",
"ident": null
},
{
"date": "2024-11-21T00:14:38.477000",
"db": "NVD",
"id": "CVE-2006-3885",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-451"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Check Point Firewall-1 R55W Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002923"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-451"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…