Endpoint Security Server Information disclosure vulnerability
Symptoms
  • Endpoint Security Server and Integrity Server allow a remote, unauthenticated user to download private SSL keys.
  • The following versions of Endpoint Security Server are not vulnerable: R73 HFA02, E80.
  • Vulnerable versions:
    • Endpoint Security Server: R71, R72 and R73
    • Integrity Server: 7.x
Solution

To protect the Endpoint Security Server/Integrity Servers from this vulnerability (this should include all Java servers: Primary, Secondary EPS and all Connection Points), customers are advised to install the following HotFix:

Installation instructions

1. Open the archive file.
2. Follow the instructions in the Readme.txt file.

Credits

Check Point thanks HD Moore of Rapid7 for bringing this issue to our attention in a forthright and professional manner.
