Multiple Check Point Endpoint Security Products Information Disclosure Vulnerabilities

vendor:

Endpoint Security Products

by:

SecurityFocus

7.5

CVSS

HIGH

Information Disclosure

200

CWE

Product Name: Endpoint Security Products

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Multiple Check Point Endpoint Security Products Information Disclosure Vulnerabilities

Multiple Check Point endpoint security products are prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to harvest sensitive information that may lead to further attacks. The vulnerable URLs include: http://www.example.com/conf/ssl/apache/integrity-smartcenter.cert, http://www.example.com/conf/ssl/apache/integrity-smartcenter.key, http://www.example.com/conf/ssl/apache/integrity.cert, http://www.example.com/conf/ssl/apache/integrity.key, http://www.example.com/conf/ssl/apache/smartcenter.cert, http://www.example.com/conf/ssl/integrity-keystore.jks, http://www.example.com/conf/ssl/isskeys.jks, http://www.example.com/conf/ssl/openssl.pem, http://www.example.com/conf/integrity.xml, http://www.example.com/conf/jaas/users.xml, http://www.example.com/bin/DBSeed.xml, http://www.example.com:8080/conf/ssl/apache/integrity-smartcenter.cert, http://www.example.com:8080/conf/ssl/apache/integrity-smartcenter.key, http://www.example.com:8080/conf/ssl/apache/integrity.cert, http://www.example.com:8080/conf/ssl/apache/integrity.key, http://www.example.com:8080/conf/ssl/apache/smartcenter.cert, http://www.example.com:8080/conf/ssl/integrity-keystore.jks, http://www.example.com:8080/conf/ssl/isskeys.jks, http://www.example.com:8080/conf/ssl/openssl.pem, http://www.example.com:8080/conf/integrity.xml, http://www.example.com:8080/conf/jaas/users.xml, http://www.example.com:8080/bin/DBSeed.xml

Mitigation:

Check Point has released a patch to address this issue. Users should upgrade to the latest version of the affected software.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46224/info

Multiple Check Point endpoint security products are prone to multiple information-disclosure vulnerabilities.

Attackers can exploit these issues to harvest sensitive information that may lead to further attacks. 

http://www.example.com/conf/ssl/apache/integrity-smartcenter.cert
http://www.example.com/conf/ssl/apache/integrity-smartcenter.key
http://www.example.com/conf/ssl/apache/integrity.cert
http://www.example.com/conf/ssl/apache/integrity.key
http://www.example.com/conf/ssl/apache/smartcenter.cert
http://www.example.com/conf/ssl/integrity-keystore.jks
http://www.example.com/conf/ssl/isskeys.jks
http://www.example.com/conf/ssl/openssl.pem
http://www.example.com/conf/integrity.xml
http://www.example.com/conf/jaas/users.xml
http://www.example.com/bin/DBSeed.xml
http://www.example.com:8080/conf/ssl/apache/integrity-smartcenter.cert