VulDB: Check Point Endpoint Security 7.x Web Directory information disclosure
General
scipID: 4287
Affected: Check Point Endpoint Security 7.x
Published: 02/08/2011 (HD Moore)
Risk: 
critical
Entry: 85.3% complete
Created: 02/16/2011
Updated: 06/29/2012
Summary
A vulnerability, which was classified as critical, was found in Check Point Endpoint Security 7.x. This affects an unknown function of the component Web Directory. The manipulation with an unknown input leads to a information disclosure vulnerability. This is going to have an impact on confidentiality, and integrity.
The weakness was disclosed 02/08/2011 by HD Moore with Rapid7. The advisory is shared for download at archives.neohapsis.com. It is possible to initiate the attack remotely. The technical details are unknown and an exploit is not publicly available.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at supportcenter.checkpoint.com. The vulnerability is also documented in the vulnerability database at Secunia (SA43219).CVSS
Base Score: 4.9 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Information disclosure
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Patch
0-Day Time: 0 days since found
Patch: supportcenter.checkpoint.com
Timeline
02/08/2011 | Advisory disclosed
02/16/2011 | VulDB entry created
06/29/2012 | VulDB entry updated
Sources
Advisory: archives.neohapsis.com
Researcher: HD Moore
Company: Rapid7
Secunia: 43219
- Latest Entries
- EMC RSA Authentication API Encryption Key information disclosure
- Cisco Secure Access Control System Web Interface weak authentication
- Python ssl.match_hostname() denial of service
- Mozilla Firefox/Thunderbird nsContentUtils::RemoveScriptBlocker buffer overflow
- Mozilla Firefox/Thunderbird nsFrameList::FirstChild buffer overflow
- Statistics
- Archive
