Multiple vulnerabilities in Web GUI of UTM-1 Edge, Safe@Office and ZoneAlarm appliances

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk65460
Technical Level
Severity	Medium
Product	Edge, Safe@Office
Version	8.x, 7.x
OS	Linux
Platform / Model	Edge
Date Created	16-Oct-2011
Last Modified	20-Nov-2017

Symptoms

Multiple vulnerabilities were detected in Web GUI on UTM-1 Edge, Safe@Office and ZoneAlarm appliances.
Vulnerabilities are of the following nature: XSS, CSRF, information disclosure and offsite redirection.
Vulnerable firmware versions are 6.x. 7.x, 8.x.

Solution

This problem was fixed. The fix is included in:

Firmware 8.2.44 (and above)

Check Point recommends to always upgrade to the most recent version.

Credit

Check Point thanks Richard Brain of ProCheckUp for responsible disclosure of this issue.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

This solution is about products that are no longer supported and it will not be updated

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating