Check Point FireWall-1 HTTP Request Smuggling May Let Remote Users Bypass Web Intelligence Features
|
|
SecurityTracker Alert ID: 1014357 |
|
SecurityTracker URL: http://securitytracker.com/id/1014357
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 2 2005
|
Impact:
Host/resource access via network
|
Fix Available: Yes Exploit Included: Yes
|
Version(s): FP4-R55W beta
|
Description:
A vulnerability was reported in Check Point FireWall-1. A remote user can conduct HTTP request smuggling attacks.
A remote user can submit a specially crafted HTTP request with two 'Content-Length' headers to embedded a malicious request within another request. This can be exploited to bypass some of the Web Intelligence security features, such as the worm catcher, directory traversal, maximum URL length, XSS, URI resource, and command injection protection mechanisms.
This vulnerability was reported by Watchfire.
A description of HTTP request smuggling attacks is available at:
http://www.watchfire.com/resources/HTTP-R equest-Smuggling.pdf
|
Impact:
A remote user may be able to bypass some of the Web Intelligence security features.
|
Solution:
The report indicates that the vendor may have issued a fix as part of R55W or a separate patch.
[Editor's note: The vendor's public web site does not reference this vulnerability.]
|
Vendor URL: www.checkpoint.com/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 1 Jul 2005 19:07:33 -0400
Subject: http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
|
> CHECK POINT FW-1
> We understand that the issues described above are either fixed in R55W, or are fixed
> via a patch now available from Check Point.
|
|
