var-201411-0130
Vulnerability from variot
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. Check Point Security Gateways is a security gateway device from CheckPoint. There are multiple denial of service vulnerabilities in Check Point Security Gateways: 1. There are multiple related services, such as PS blade, IPsec Remote Access, Mobile Access / SSL VPN blade, SSL Network Extender, Identify Awareness blade, HTTPS Inspection, UserCheck, and Data. Errors can cause system instability. 2, the relevant URL Filtering blade and Application Control blade have errors, which can cause the system to hang. 3. There is an error in redirecting to the UserChec page, which can cause the system to crash. 4, related URL Filtering or Identity Awareness has a security vulnerability, an attacker can exploit the vulnerability to crash the system. It provides security functions such as unified security policies, URL filtering, and anti-virus. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r76"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r75"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r77"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r77.10"
},
{
"model": "point security gateways r77",
"scope": null,
"trust": 1.2,
"vendor": "check",
"version": null
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r75"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r76"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r77"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r77.10"
},
{
"model": "point security gateways r77.10",
"scope": null,
"trust": 0.6,
"vendor": "check",
"version": null
},
{
"model": "point security gateways r75",
"scope": null,
"trust": 0.6,
"vendor": "check",
"version": null
},
{
"model": "point security gateways r76",
"scope": null,
"trust": 0.6,
"vendor": "check",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-269"
},
{
"db": "NVD",
"id": "CVE-2014-8951"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:checkpoint:security_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "67993"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8951",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-8951",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-08327",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03736",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-76896",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8951",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8951",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-08327",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-03736",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-269",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76896",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "VULHUB",
"id": "VHN-76896"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-269"
},
{
"db": "NVD",
"id": "CVE-2014-8951"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. Check Point Security Gateways is a security gateway device from CheckPoint. There are multiple denial of service vulnerabilities in Check Point Security Gateways: 1. There are multiple related services, such as PS blade, IPsec Remote Access, Mobile Access / SSL VPN blade, SSL Network Extender, Identify Awareness blade, HTTPS Inspection, UserCheck, and Data. Errors can cause system instability. 2, the relevant URL Filtering blade and Application Control blade have errors, which can cause the system to hang. 3. There is an error in redirecting to the UserChec page, which can cause the system to crash. 4, related URL Filtering or Identity Awareness has a security vulnerability, an attacker can exploit the vulnerability to crash the system. It provides security functions such as unified security policies, URL filtering, and anti-virus. \nSuccessfully exploiting this issue allows remote attackers to cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8951"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "BID",
"id": "67993"
},
{
"db": "VULHUB",
"id": "VHN-76896"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8951",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "58487",
"trust": 2.9
},
{
"db": "BID",
"id": "67993",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005485",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-269",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-08327",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-03736",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-76896",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "VULHUB",
"id": "VHN-76896"
},
{
"db": "BID",
"id": "67993"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-269"
},
{
"db": "NVD",
"id": "CVE-2014-8951"
}
]
},
"id": "VAR-201411-0130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "VULHUB",
"id": "VHN-76896"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
}
]
},
"last_update_date": "2024-11-23T22:27:13.617000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Random traffic outages when UserCheck is enabled on Security Gateway",
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk100505"
},
{
"title": "Patch for Check Point Security Gateways Denial of Service Vulnerability (CNVD-2014-08327)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/51936"
},
{
"title": "Patches for Multiple Denial of Service Vulnerabilities in Check Point Security Gateways",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/46508"
},
{
"title": "CapsuleDocsProxyR77_20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54628"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-269"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8951"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://secunia.com/advisories/58487"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/67993"
},
{
"trust": 1.6,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk100505"
},
{
"trust": 1.4,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8951"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98761"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8951"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/58487/"
},
{
"trust": 0.1,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026amp;solutionid=sk100505"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "VULHUB",
"id": "VHN-76896"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-269"
},
{
"db": "NVD",
"id": "CVE-2014-8951"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "VULHUB",
"id": "VHN-76896"
},
{
"db": "BID",
"id": "67993"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-269"
},
{
"db": "NVD",
"id": "CVE-2014-8951"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"date": "2014-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-76896"
},
{
"date": "2014-06-05T00:00:00",
"db": "BID",
"id": "67993"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"date": "2014-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-269"
},
{
"date": "2014-11-16T17:59:07.020000",
"db": "NVD",
"id": "CVE-2014-8951"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08327"
},
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-76896"
},
{
"date": "2014-11-19T00:57:00",
"db": "BID",
"id": "67993"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005485"
},
{
"date": "2014-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"date": "2014-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-269"
},
{
"date": "2024-11-21T02:19:59.440000",
"db": "NVD",
"id": "CVE-2014-8951"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-269"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point Security Gateway Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005485"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "67993"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…