VulDB: Check Point Connectra R62 /Login cross site scripting
General
scipID: 4020
Affected: Check Point Connectra R62
Published: 09/21/2009 (Stefan Friedli)
Risk: 
critical
Entry: 92.9% complete
Created: 09/04/2009
Updated: 09/21/2009
Summary
A vulnerability classified as critical has been found in Check Point Connectra R62. Affected is an unknown function of the file /Login. The manipulation with an unknown input leads to a cross site scripting vulnerability. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was published 09/21/2009 by Stefan Friedli with scip AG. The advisory is shared for download at scip.ch. It is possible to launch the attack remotely. Technical details and a exploit are known.
The exploit is shared for download at securityfocus.com. The vulnerability was handled as a non-public zero-day exploit for at least 17 days. By approaching the search of inurl:/Login it is possible to find vulnerable targets with Google Hacking.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at supportcenter.checkpoint.com. The vulnerability is also documented in the databases at OSVDB (58265), Secunia (SA36821), SecurityFocus (BID 36466) and SecurityTracker (ID 1022917). Further details are available at juniper.net.CVSS
Base Score: 6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Cross site scripting
Local: No
Remote: Yes
Availability: Yes
Download: securityfocus.com
Google Hack: inurl:/Login
Countermeasures
Recommended: Upgrade
0-Day Time: 17 days since found
Patch: supportcenter.checkpoint.com
Timeline
09/04/2009 | VulDB entry created
09/21/2009 | Advisory disclosed
09/21/2009 | VulDB entry updated
09/22/2009 | OSVDB entry created
Sources
Advisory: scip.ch
Researcher: Stefan Friedli
Company: scip AG
OSVDB: 58265
Secunia: 36821
SecurityFocus: 36466
SecurityTracker: 1022917
Vupen: ADV-2009-2717
Misc.: juniper.net
