Check Point response to common false positives scanning results
Solution

Table of Contents:

  • Introduction
  • List of vulnerability scan results
  • Related solutions

 

Introduction

Vulnerability scanners (e.g., Nmap, Nessus, etc.) are designed to test computers, computer systems, networks or applications for weaknesses.

These scanners send specially crafted packets (based on the known vulnerabilities) to the target host and then analyze the responses.

Based on the received responses, the scanners produce reports that show which systems were found vulnerable.

This article lists known false-positive vulnerability results regarding Check Point software.

 

List of vulnerability scan results

| Vulnerability scan result | Reference | Check Point response | Comments |
|---|---|---|---|
| OpenSSL vulnerabilities | --- | sk92447 | None |
| OpenSSH vulnerabilities | --- | sk65269 | None |
| Java SSL KeyStore password disclosure | --- | --- | The password appears also in SKs as a way to add trusted CAs. The keystore file (cacerts) is accessible only to the trusted Expert user. |
| Todd Miller Sudo Host_List Local Privilege Escalation Vulnerability | CVE-2012-2337 | | This issue was fixed by R77 but the binary's version was not updated; this causes some scanners to report that we are still vulnerable. |
| Apache: HTTP TRACE Method is enabled | VU#867593 | sk69160 | None |
| Apache: HTTP Server httpOnly information disclosure (HTTP_Apache_Error_Cookie_Disclosure) | CVE-2012-0053 | --- | This vulnerability is not relevant to Check Point Web Portal on the Security Gateway |
| Apache: HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness | CVE-2007-6203 | --- | Check Point software is not vulnerable. Neither Apache Software Foundation, nor Red Hat consider this issue to be a vulnerability. |
| TCP Timestamps are enabled (TCP PAWS vulnerability) | CVE-2005-0356 | sk62700 | None |
| SSL: Cipher Suite still includes RC4 and defaults to it with most browsers | --- | sk93395 | None |
| SSL: Secure renegotiation not supported | --- | sk40828 | None |
| SSL: BEAST attack | CVE-2011-3389 | sk86440 | None |
| SSL/TLS: Protocol Initialization Vector Implementation Information Disclosure Vulnerability | Link | sk86440 | Related to CVE-2011-3389 ("BEAST" attack) |
| SSL/TLS: Attack against RC4 stream cipher | CVE-2013-2566 | sk93395 | Related to CVE-2012-4929 and CVE-2012-4930 ("CRIME" attack) |
| SSL/TLS: CRIME attack | CVE-2012-4929 | sk93395 | Related to CVE-2012-4930 ("CRIME" attack) and CVE-2013-2566 |
| SPDY: SSL/TLS CRIME attack | CVE-2012-4930 | sk93395 | Related to CVE-2012-4929 ("CRIME" attack) and CVE-2013-2566 |
| Linux Kernel TCP Sequence Number Generation Security Weakness | CVE-2011-3188 | sk93326 | Related to CVE-2004-0230 |
| lighttpd SSL Weak Cipher Security Bypass Weakness | CVE-2013-4508 | --- | Check Point does not use lighttpd |
| lighttpd Local Privilege Escalation Vulnerability | CVE-2013-4559 | --- | Check Point does not use lighttpd |
| Denial of Service (caching forward proxy process crash) by remote origin servers due to date handling code in Apache 2.3.0 | CVE-2007-3847 | --- | Check Point does not use Apache 2.3.0 |
| Directory Traversal | CVE-2002-0946 | --- | False Positive - attacker can't perform path traversal and reflect any critical files from the OS |
| FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion | CVE-2001-0183 | --- | Check Point GAiA is not based on FreeBSD and is therefore not affected. |
| PHP heap-based buffer over-read in mbstring regular expression functions | CVE-2019-9023 | | Check Point is not vulnerable as we are not using the relevant flow in our code. |
| shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode | CVE-2009-0859 | | Not vulnerable (RHEL are not vulnerable in all versions). |
| The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. | CVE-2010-3850 | | Check Point runs on 2.6.18-92cp, so this CVE does not apply. RHEL is not vulnerable in all versions. |
| Vulnerability scanner shows that machine running Check Point software is vulnerable to CVE-1999-1196 | CVE-1999-1196 | | Check Point software is not vulnerable because it does not run Hummingbird Exceed software. |
| CVE-2017-7890 (PHP gdImageCreateFromGifCtx Out of Bounds Read) | CVE-2017-7890 | | Although the vulnerable code resides on the Security Gateway/Management, the GIF decoding functions are not being used by the Web Portals and therefore, Check Point is not exploitable to this vulnerability. |
| HTTP Smuggling Detection | HTTP Desync Attacks: Request Smuggling Reborn | | The HTTPS servers used by Check Point products are not vulnerable to this. |
| CGI Generic SQL Injection with vpid_prefix attribute in Mobile Access | --- | --- | This is a false positive since the vpid_prefix attribute is sanitized before rendering. |
| CGI Generic SQL Injection - port 900 www (blind, time based) in Client Authentication | | | This is a false positive since there is no SQL usage in the authentication process – so SQL Injection is irrelevant. |
| CGI Generic Cross-Site Request Forgery Detection - port 900 www (potential) in Client Authentication | | | This is a false positive since there aren’t any actions or long session beyond the login – so CSRF is irrelevant. |

 

Applies To:
  • sk112277 and sk169775 content added.
