ID

VAR-200001-0018


CVE

CVE-2000-0116


TITLE

Check Point Firewall-1 Script tag check bypass vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200001-062

DESCRIPTION

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. Firewall-1 includes the ability to alter script tags in HTML pages before passing them to the client's browser. This alteration invalidates the tag, rendering the script unexecutable by the browser. In version 3, this function can be bypassed by adding an extra opening angle bracket. The tag will be left unmodified, and the browser will be able to execute the contained script. Hostile script could lead to a remote compromise of the client system. Firewall-1 version 4 will alter the tag as expected

Trust: 1.26

sources: NVD: CVE-2000-0116 // BID: 954 // VULHUB: VHN-1695

AFFECTED PRODUCTS

vendor:checkpointmodel:firewall-1scope:eqversion:3.0

Trust: 1.6

vendor:checkmodel:point software firewall-1scope:eqversion:3.0

Trust: 0.3

vendor:checkmodel:point software firewall-1scope:neversion:4.0

Trust: 0.3

sources: BID: 954 // CNNVD: CNNVD-200001-062 // NVD: CVE-2000-0116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0116
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200001-062
value: HIGH

Trust: 0.6

VULHUB: VHN-1695
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2000-0116
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1695
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1695 // CNNVD: CNNVD-200001-062 // NVD: CVE-2000-0116

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200001-062

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200001-062

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1695

EXTERNAL IDS

db:BIDid:954

Trust: 2.0

db:NVDid:CVE-2000-0116

Trust: 1.7

db:OSVDBid:1212

Trust: 1.7

db:CNNVDid:CNNVD-200001-062

Trust: 0.7

db:SEEBUGid:SSVID-73648

Trust: 0.1

db:EXPLOIT-DBid:19732

Trust: 0.1

db:VULHUBid:VHN-1695

Trust: 0.1

sources: VULHUB: VHN-1695 // BID: 954 // CNNVD: CNNVD-200001-062 // NVD: CVE-2000-0116

REFERENCES

url:http://www.securityfocus.com/bid/954

Trust: 2.7

url:http://www.osvdb.org/1212

Trust: 2.7

url: -

Trust: 0.1

sources: VULHUB: VHN-1695 // CNNVD: CNNVD-200001-062 // NVD: CVE-2000-0116

CREDITS

Discovered and posted to Bugtraq by Arne Vidstrom <arne.vidstrom@ntsecurity.nu>.

Trust: 0.9

sources: BID: 954 // CNNVD: CNNVD-200001-062

SOURCES

db:VULHUBid:VHN-1695
db:BIDid:954
db:CNNVDid:CNNVD-200001-062
db:NVDid:CVE-2000-0116

LAST UPDATE DATE

2024-11-22T22:51:43.140000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1695date:2008-09-10T00:00:00
db:BIDid:954date:2000-01-29T00:00:00
db:CNNVDid:CNNVD-200001-062date:2006-04-07T00:00:00
db:NVDid:CVE-2000-0116date:2024-11-20T23:31:45.340

SOURCES RELEASE DATE

db:VULHUBid:VHN-1695date:2000-01-29T00:00:00
db:BIDid:954date:2000-01-29T00:00:00
db:CNNVDid:CNNVD-200001-062date:2000-01-29T00:00:00
db:NVDid:CVE-2000-0116date:2000-01-29T05:00:00