QwikSec

Security Database

CVE

CWE

Training

CVE-2007-0471

Published: Jan 24, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

20070122 Check Point Connectra End Point security bypass

mailing-list

x_refsource_FULLDISC

20070122 Check Point Connectra End Point security bypass

mailing-list

x_refsource_BUGTRAQ

http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html

x_refsource_CONFIRM

http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html

x_refsource_MISC

third-party-advisory

x_refsource_SREASON

third-party-advisory

x_refsource_SECUNIA

20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass

mailing-list

x_refsource_BUGTRAQ

checkpoint-params-security-bypass(31646)

vdb-entry

x_refsource_XF

http://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk32472

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_SECTRACK

http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.