Endpoint Security Server Information disclosure vulnerability

Solution ID: sk57881
Severity: High
Product: Endpoint Security Server
Version: 7.x, R71, R73, R72
OS: SecurePlatform, Windows
Platform / Model: All
Date Created: 28-Nov-2010
Last Modified: 02-Mar-2011
Symptoms
  • Endpoint Security Server and Integrity Server allow a remote, unauthenticated user to download private SSL keys.
  • The following versions of Endpoint Security Server are not vulnerable: R73 HFA02, R80.
  • Vulnerable versions:
    • Endpoint Security Server: R71, R72 and R73
    • Integrity Server: 7.x
Solution

To protect the Endpoint Security Server/Integrity Servers from this vulnerability (this should include all Java servers: Primary, Secondary EPS and all Connection Points), customers are advised to install the following HotFix:

Installation instructions

1. Open the archive file.
2. Follow the instructions in the Readme.txt file.

Credits

Check Point thanks HD Moore of Rapid7 for bringing this issue to our attention in a forthright and professional manner.

