‘Check Point Endpoint Security Server Information Disclosure Vulnerability’
‘The information has been provided by HD Moore.
The original article can be found at: http://seclists.org/fulldisclosure/2011/Feb/118‘
* Check Point Server version R71
* Check Point Server version R72
* Check Point Server version R73
* Check Point Server version Integrity Server version 7.
Examples of exposed files include:
These files are also exposed via the Tomcat server:
The directories include the SSL private keys, sensitive configuration files (often containing passwords), and application binaries.
This patch blocks remote access to the Tomcat instance (8080) and restricts access to private directories via POST and GET requests. This patch does not prevent a remote attacker from determining the size of a sensitive file by using HEAD requests.
2010-11-08 – Vulnerability reported to Check Point
2010-11-09 – Acknowledgement from Check Point
2010-11-29 – Advisory and hotfix released by Check Point
2011-02-07 – Detailed advisory released’