VAR-201411-0111
Vulnerability from variot - Updated: 2023-12-18 12:51Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. Check Point Security Gateways is a security gateway device from CheckPoint. There are multiple denial of service vulnerabilities in Check Point Security Gateways: 1. There are multiple related services, such as PS blade, IPsec Remote Access, Mobile Access / SSL VPN blade, SSL Network Extender, Identify Awareness blade, HTTPS Inspection, UserCheck, and Data. Errors can cause system instability. 2, the relevant URL Filtering blade and Application Control blade have errors, which can cause the system to hang. 3. There is an error in redirecting to the UserChec page, which can cause the system to crash. It provides security functions such as unified security policies, URL filtering, and anti-virus. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0111",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r77.10"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r77"
},
{
"model": "point security gateways r77",
"scope": null,
"trust": 1.2,
"vendor": "check",
"version": null
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r77"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r77.10"
},
{
"model": "point security gateways r77.10",
"scope": null,
"trust": 0.6,
"vendor": "check",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"db": "NVD",
"id": "CVE-2014-8950"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:checkpoint:security_gateway:r77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:security_gateway:r77.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8950"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "67993"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8950",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-8950",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03736",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-08328",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-76895",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8950",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-03736",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-08328",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-268",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76895",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"db": "VULHUB",
"id": "VHN-76895"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"db": "NVD",
"id": "CVE-2014-8950"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. Check Point Security Gateways is a security gateway device from CheckPoint. There are multiple denial of service vulnerabilities in Check Point Security Gateways: 1. There are multiple related services, such as PS blade, IPsec Remote Access, Mobile Access / SSL VPN blade, SSL Network Extender, Identify Awareness blade, HTTPS Inspection, UserCheck, and Data. Errors can cause system instability. 2, the relevant URL Filtering blade and Application Control blade have errors, which can cause the system to hang. 3. There is an error in redirecting to the UserChec page, which can cause the system to crash. It provides security functions such as unified security policies, URL filtering, and anti-virus. \nSuccessfully exploiting this issue allows remote attackers to cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8950"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "BID",
"id": "67993"
},
{
"db": "VULHUB",
"id": "VHN-76895"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8950",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "58487",
"trust": 2.9
},
{
"db": "BID",
"id": "67993",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005484",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-268",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-03736",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-08328",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-76895",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"db": "VULHUB",
"id": "VHN-76895"
},
{
"db": "BID",
"id": "67993"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"db": "NVD",
"id": "CVE-2014-8950"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
]
},
"id": "VAR-201411-0111",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"db": "VULHUB",
"id": "VHN-76895"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
}
]
},
"last_update_date": "2023-12-18T12:51:49.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "When URL Filtering or Identity Awareness is enabled, trying to reach HTTPS sites can cause the Gateway to crash",
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk98935"
},
{
"title": "Patches for Multiple Denial of Service Vulnerabilities in Check Point Security Gateways",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46508"
},
{
"title": "Patch for Check Point Security Gateways Denial of Service Vulnerability (CNVD-2014-08328)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/51935"
},
{
"title": "CapsuleDocsProxyR77_20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54628"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8950"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://secunia.com/advisories/58487"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/67993"
},
{
"trust": 1.6,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk98935"
},
{
"trust": 1.4,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8950"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98763"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8950"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/58487/"
},
{
"trust": 0.1,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026amp;solutionid=sk98935"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"db": "VULHUB",
"id": "VHN-76895"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"db": "NVD",
"id": "CVE-2014-8950"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"db": "VULHUB",
"id": "VHN-76895"
},
{
"db": "BID",
"id": "67993"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"db": "NVD",
"id": "CVE-2014-8950"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"date": "2014-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"date": "2014-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-76895"
},
{
"date": "2014-06-05T00:00:00",
"db": "BID",
"id": "67993"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"date": "2014-11-16T17:59:05.517000",
"db": "NVD",
"id": "CVE-2014-8950"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"date": "2014-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03736"
},
{
"date": "2014-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08328"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-76895"
},
{
"date": "2014-11-19T00:57:00",
"db": "BID",
"id": "67993"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005484"
},
{
"date": "2017-09-08T01:29:30.857000",
"db": "NVD",
"id": "CVE-2014-8950"
},
{
"date": "2014-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"date": "2014-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-322"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-268"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point Security Gateway Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005484"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "67993"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…