Sign-up

ID

VAR-200212-0665


CVE

CVE-2002-2405


TITLE

Check Point Firewall-1 HTTP Proxy Server Unauthorized Protocol Access Vulnerability

Trust: 0.9

sources: BID: 5744 // CNNVD: CNNVD-200212-522

DESCRIPTION

Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall. Firewall-1 is an enterprise level firewall package distributed by Check Point Technologies. It is available for the Unix, Linux, and Microsoft Windows platforms. It has been reported that Firewall-1 does not properly check the contents of sessions when passed through the HTTP proxy server. It is possible for a remote user with access to the proxy server through an authenticated user account to pass protocols through the system that violate security policy. These protocols include FTP, and HTTPS. It should also be noted that this vulnerability affects the HTTPS proxy for Firewall-1. Remote attackers can use this vulnerability to communicate externally through the HTTP proxy server using multiple protocols. When FW-1 is installed using \"out the box\" and set with the following rules: Source Destination Service Action Track AllUsers@SomeNet webserver http UserAuth Long Allow Auth HTTP Any firewall Any drop Long Stealth Rule Any Any Any drop Long CleanUp Rule When Firewall-1 operates using UserAuth, the communication is handled by the security service module, and in the case of an HTTP proxy, by the HTTP security service module (in.ahttpd). However, the default HTTP security service module lacks correct inspection of the session content, which can cause the authenticated user to communicate through this proxy server using different protocols such as (HTTPS, FTP). Firewall-1 using SP6 has made some corrections on this issue. For the SP6 system installed by default, if the HTTP protocol is only allowed to pass through, using the HTTPS protocol to access the site may cause rule conflicts and access failures, and error Information is logged to log files, but FTP protocol communications are still accessible through the HTTP proxy service

Trust: 1.26

sources: NVD: CVE-2002-2405 // BID: 5744 // VULHUB: VHN-6788

AFFECTED PRODUCTS

vendor:checkpointmodel:firewall-1scope:eqversion:4.1

Trust: 1.6

vendor:checkpointmodel:firewall-1scope:eqversion:ng

Trust: 1.6

vendor:checkmodel:point software nokia voyagerscope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software next generation fp2scope: - version: -

Trust: 0.3

vendor:checkmodel:point software next generation fp1scope: - version: -

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp6scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp5scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp4scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp3scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp2scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1scope:eqversion:4.1

Trust: 0.3

sources: BID: 5744 // CNNVD: CNNVD-200212-522 // NVD: CVE-2002-2405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-2405
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200212-522
value: MEDIUM

Trust: 0.6

VULHUB: VHN-6788
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-2405
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6788
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6788 // CNNVD: CNNVD-200212-522 // NVD: CVE-2002-2405

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.1

sources: VULHUB: VHN-6788 // NVD: CVE-2002-2405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-522

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200212-522

EXTERNAL IDS

db:BIDid:5744

Trust: 2.0

db:NVDid:CVE-2002-2405

Trust: 1.7

db:CNNVDid:CNNVD-200212-522

Trust: 0.7

db:XFid:1

Trust: 0.6

db:BUGTRAQid:20020918 FIREWALL-1 ?HTTP SECURITY SERVER - PROXY VULNERABILITY

Trust: 0.6

db:NSFOCUSid:3586

Trust: 0.6

db:VULHUBid:VHN-6788

Trust: 0.1

sources: VULHUB: VHN-6788 // BID: 5744 // CNNVD: CNNVD-200212-522 // NVD: CVE-2002-2405

REFERENCES

url:http://www.securityfocus.com/bid/5744

Trust: 2.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-09/0219.html

Trust: 2.7

url:http://www.iss.net/security_center/static/10139.php

Trust: 2.7

url:http://www.nsfocus.net/vulndb/3586

Trust: 0.6

url:http://www.checkpoint.com/techsupport/

Trust: 0.3

sources: VULHUB: VHN-6788 // BID: 5744 // CNNVD: CNNVD-200212-522 // NVD: CVE-2002-2405

CREDITS

Mark van Gelder※ vgelder@icon.co.za

Trust: 0.6

sources: CNNVD: CNNVD-200212-522

SOURCES

db:VULHUBid:VHN-6788
db:BIDid:5744
db:CNNVDid:CNNVD-200212-522
db:NVDid:CVE-2002-2405

LAST UPDATE DATE

2024-11-22T21:22:09.290000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-6788date:2008-09-05T00:00:00
db:BIDid:5744date:2002-09-18T00:00:00
db:CNNVDid:CNNVD-200212-522date:2002-12-31T00:00:00
db:NVDid:CVE-2002-2405date:2024-11-20T23:43:36.500

SOURCES RELEASE DATE

db:VULHUBid:VHN-6788date:2002-12-31T00:00:00
db:BIDid:5744date:2002-09-18T00:00:00
db:CNNVDid:CNNVD-200212-522date:2002-09-19T00:00:00
db:NVDid:CVE-2002-2405date:2002-12-31T05:00:00