var-200701-0404
Vulnerability from variot
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. Multiple Check Point products are prone to a security-bypass vulnerability. An attacker can exploit this issue to access cookie data and then use it to bypass certain security restrictions. This issue may potentially allow an attacker to gain unauthorized access to the affected application. Check Point Connectra is a web security gateway that provides SSL VPN access and integrates endpoint security and application security within a unified solution. There are loopholes in Connectra's processing of endpoint access authentication. One of the main functions of Connectra is the comprehensive endpoint security service. Specifically, before the client connects to the internal network, it will perform a test on the client to check whether the computer has a security risk. If a risk is detected, it will prompt the user for details of the risk. information, and the user will be asked to test again before logging on to the network. After the user submits the request, the server will send Set-Cookie to the client.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: Check Point Products ICS Security Bypass
SECUNIA ADVISORY ID: SA23847
VERIFY ADVISORY: http://secunia.com/advisories/23847/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From remote
OPERATING SYSTEM: Check Point Connectra Appliances http://secunia.com/product/13352/
SOFTWARE:
http://secunia.com/product// Check Point VPN-1 Power NGX http://secunia.com/product/13348/
http://secunia.com/product// Check Point VPN-1 UTM NG AI http://secunia.com/product/13350/ Check Point VPN-1 Power NG AI http://secunia.com/product/13351/ Check Point VPN-1 UTM NGX http://secunia.com/product/13346/
DESCRIPTION: Roni Bachar and Nir Goldshlager have reported a vulnerability in Check Point products, which can be exploited by malicious people to bypass certain security restrictions.
The problem is that /sre/params.php in ICS (Integrity Clientless Security) does not properly validate the data being sent to it. This can be exploited to receive a cookie, which can be used to bypass certain checks before being allowed to log in to the network, by sending a POST request with a valid report to the /sre/params.php page.
Successful exploitation requires that the ICS feature is enabled.
The vulnerability affects the following products and versions: * Connectra NGX R62 * Connectra NGX R61 * Connectra NGX R60 * Connectra 2.0 * VPN-1 Power/UTM (Pro/Express) NGX R62 * VPN-1 Power/UTM (Pro/Express) NGX R61 * VPN-1 Power/UTM (Pro/Express) NGX R60 * VPN-1 Power/UTM (Pro/Express) NG AI R55W * VPN-1 Power/UTM (Pro/Express) NG AI R55
SOLUTION: Apply hotfix.
Connectra: http://www.checkpoint.com/downloads/latest/hfa/connectra/index.html
VPN-1: http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/index.html
PROVIDED AND/OR DISCOVERED BY: Roni Bachar and Nir Goldshlager, Avnet
ORIGINAL ADVISORY: Check Point: https://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472
Full-Disclosure: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200701-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "connectra ngx",
"scope": "lte",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r62"
},
{
"model": "connectra",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "2.0"
},
{
"model": "connectra ngx",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r60"
},
{
"model": "connectra ngx",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r61"
},
{
"model": "connectra ngx",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r62"
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "(pro/express) ng ai r55"
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "(pro/express) ng ai r55w"
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "(pro/express) ngx r60"
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "(pro/express) ngx r61"
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "(pro/express) ngx r62"
},
{
"model": "connectra ngx",
"scope": "eq",
"trust": 0.6,
"vendor": "checkpoint",
"version": "r62"
},
{
"model": "point software vpn-1 power/utm pro ngx r62",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm pro ngx r61",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm pro ngx r60",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm pro ng ai r55w",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm pro ng ai r55",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm express ngx r62",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm express ngx r60",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm express ng ai r55w",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm express ng ai r55",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software connectra ngx r62",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software connectra ngx r61",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software connectra ngx r60",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software connectra",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "2.0"
},
{
"model": "point vpn-1 power/utm express ngx r61",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "22233"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-406"
},
{
"db": "NVD",
"id": "CVE-2007-0471"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:checkpoint:connectra",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:checkpoint:connectra_ngx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:checkpoint:vpn-1_power_utm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roni Bachar roni@ avnet.co.il\u003e)Nir Goldshlager",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-406"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0471",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2007-0471",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-23833",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-0471",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-0471",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200701-406",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-23833",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23833"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-406"
},
{
"db": "NVD",
"id": "CVE-2007-0471"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. Multiple Check Point products are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to access cookie data and then use it to bypass certain security restrictions. This issue may potentially allow an attacker to gain unauthorized access to the affected application. Check Point Connectra is a web security gateway that provides SSL VPN access and integrates endpoint security and application security within a unified solution. There are loopholes in Connectra\u0027s processing of endpoint access authentication. One of the main functions of Connectra is the comprehensive endpoint security service. Specifically, before the client connects to the internal network, it will perform a test on the client to check whether the computer has a security risk. If a risk is detected, it will prompt the user for details of the risk. information, and the user will be asked to test again before logging on to the network. After the user submits the request, the server will send Set-Cookie to the client. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nCheck Point Products ICS Security Bypass\n\nSECUNIA ADVISORY ID:\nSA23847\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23847/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCheck Point Connectra Appliances\nhttp://secunia.com/product/13352/\n\nSOFTWARE:\n\nhttp://secunia.com/product//\nCheck Point VPN-1 Power NGX\nhttp://secunia.com/product/13348/\n\nhttp://secunia.com/product//\nCheck Point VPN-1 UTM NG AI\nhttp://secunia.com/product/13350/\nCheck Point VPN-1 Power NG AI\nhttp://secunia.com/product/13351/\nCheck Point VPN-1 UTM NGX\nhttp://secunia.com/product/13346/\n\nDESCRIPTION:\nRoni Bachar and Nir Goldshlager have reported a vulnerability in\nCheck Point products, which can be exploited by malicious people to\nbypass certain security restrictions. \n\nThe problem is that /sre/params.php in ICS (Integrity Clientless\nSecurity) does not properly validate the data being sent to it. This\ncan be exploited to receive a cookie, which can be used to bypass\ncertain checks before being allowed to log in to the network, by\nsending a POST request with a valid report to the /sre/params.php\npage. \n\nSuccessful exploitation requires that the ICS feature is enabled. \n\nThe vulnerability affects the following products and versions:\n* Connectra NGX R62\n* Connectra NGX R61\n* Connectra NGX R60\n* Connectra 2.0\n* VPN-1 Power/UTM (Pro/Express) NGX R62\n* VPN-1 Power/UTM (Pro/Express) NGX R61\n* VPN-1 Power/UTM (Pro/Express) NGX R60\n* VPN-1 Power/UTM (Pro/Express) NG AI R55W\n* VPN-1 Power/UTM (Pro/Express) NG AI R55\n\nSOLUTION:\nApply hotfix. \n\nConnectra:\nhttp://www.checkpoint.com/downloads/latest/hfa/connectra/index.html\n\nVPN-1:\nhttp://www.checkpoint.com/downloads/latest/hfa/vpn1_security/index.html\n\nPROVIDED AND/OR DISCOVERED BY:\nRoni Bachar and Nir Goldshlager, Avnet\n\nORIGINAL ADVISORY:\nCheck Point:\nhttps://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472\n\nFull-Disclosure:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0471"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"db": "BID",
"id": "22233"
},
{
"db": "VULHUB",
"id": "VHN-23833"
},
{
"db": "PACKETSTORM",
"id": "53956"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-0471",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "23847",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "31655",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1017559",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1017560",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2007-0276",
"trust": 1.7
},
{
"db": "SREASON",
"id": "2179",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001192",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200701-406",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20070122 CHECK POINT CONNECTRA END POINT SECURITY BYPASS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070122 CHECK POINT CONNECTRA END POINT SECURITY BYPASS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070122 RE: [FULL-DISCLOSURE] CHECK POINT CONNECTRA END POINT SECURITY BYPASS",
"trust": 0.6
},
{
"db": "XF",
"id": "31646",
"trust": 0.6
},
{
"db": "BID",
"id": "22233",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-23833",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "53956",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23833"
},
{
"db": "BID",
"id": "22233"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"db": "PACKETSTORM",
"id": "53956"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-406"
},
{
"db": "NVD",
"id": "CVE-2007-0471"
}
]
},
"id": "VAR-200701-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23833"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:50:22.745000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sk32472",
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk32472"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23833"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"db": "NVD",
"id": "CVE-2007-0471"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://osvdb.org/31655"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1017559"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1017560"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/23847"
},
{
"trust": 2.1,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-january/051920.html"
},
{
"trust": 1.7,
"url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html"
},
{
"trust": 1.7,
"url": "http://updates.checkpoint.com/fileserver/id/7126/file/vpn-1_hotfix1.pdf"
},
{
"trust": 1.7,
"url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_r62_windows.html"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/2179"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0276"
},
{
"trust": 1.2,
"url": "http://secureknowledge.checkpoint.com/secureknowledge/viewsolutiondocument.do?lid=sk32472"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/457683/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/457621/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0276"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31646"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0471"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0471"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/31646"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/457683/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/457621/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com"
},
{
"trust": 0.1,
"url": "http://www.checkpoint.com/downloads/latest/hfa/connectra/index.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13350/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product//"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23847/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13346/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13351/"
},
{
"trust": 0.1,
"url": "http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/index.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13352/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13348/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23833"
},
{
"db": "BID",
"id": "22233"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"db": "PACKETSTORM",
"id": "53956"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-406"
},
{
"db": "NVD",
"id": "CVE-2007-0471"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23833"
},
{
"db": "BID",
"id": "22233"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"db": "PACKETSTORM",
"id": "53956"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-406"
},
{
"db": "NVD",
"id": "CVE-2007-0471"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-23833"
},
{
"date": "2007-01-25T00:00:00",
"db": "BID",
"id": "22233"
},
{
"date": "2009-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"date": "2007-01-27T01:46:45",
"db": "PACKETSTORM",
"id": "53956"
},
{
"date": "2007-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-406"
},
{
"date": "2007-01-24T01:28:00",
"db": "NVD",
"id": "CVE-2007-0471"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-23833"
},
{
"date": "2015-03-19T08:36:00",
"db": "BID",
"id": "22233"
},
{
"date": "2009-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001192"
},
{
"date": "2007-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-406"
},
{
"date": "2024-11-21T00:25:56.917000",
"db": "NVD",
"id": "CVE-2007-0471"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-406"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point Connectra NGX Vulnerabilities that bypass security requirements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001192"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-406"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…