Published: 2000-01-29 00:00:00
Revised: 2008-09-10 15:02:56

[Original] Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

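[CNNVD] Check Point Firewall-1 Script Tag Checking Bypass Vulnerability (CNNVD-200001-062)

        Firewall-1 does not properly filter script tags. A remote attacker can bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.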

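- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is very likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]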

- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

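- Vulnerability Information

Check Point Firewall-1 Script Tag Checking Bypass Vulnerability
High risk  Other
2000-01-29 00:00:00 2006-04-07 00:00:00
        Firewall-1 does not properly filter script tags. A remote attacker can bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.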

- Advisories and Patches

        Upgrade to Check Point FireWall-1 version 4.1 Service Pack 2 or later.

- Vulnerability Information (19732)

Check Point Software Firewall-1 3.0 Script Tag Checking Bypass Vulnerability (EDBID:19732)
multiple remote
2000-01-29 Verified
0 Arne Vidstrom

Firewall-1 includes the ability to alter script tags in HTML pages before passing them to the client's browser. This alteration invalidates the tag, rendering the script unexecutable by the browser. In version 3, this function can be bypassed by adding an extra opening angle bracket. The tag will be left unmodified, and the browser will be able to execute the contained script. Hostile script could lead to a remote compromise of the client system.

Firewall-1 version 4 will alter the tag as expected. 

<<script language="javascript">
alert("<<script> tag succesfully passed!")
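The bypass described above, reproduced against a toy filter as an added example (not code from Check Point or from the original advisory). It assumes a filter that inspects one `<...>` token at a time and compares the first word to `script`; the function names, the `x-stripped` replacement name and the closing `</script>` in the sample are constructed for illustration.

```python
import re

# Hypothetical model of a tag-at-a-time filter; Firewall-1's real parser is not public here.
TAG = re.compile(r"<([^>]*)>")  # one "tag" = '<' up to the next '>'
SCRIPT_ANYWHERE = re.compile(r"<(\s*/?\s*)script\b", re.IGNORECASE)
MARK = "x-stripped"  # constructed name used to invalidate the tag


def naive_strip(html: str) -> str:
    """Rename a tag only when its first token is exactly 'script'."""
    def fix(m):
        body = m.group(1)
        parts = body.split(None, 1)
        name = parts[0].lstrip("/").lower() if parts else ""
        if name != "script":
            # '<<script ...>' lands here: the token name is '<script'
            return m.group(0)
        return "<" + re.sub(r"script", MARK, body, count=1, flags=re.I) + ">"
    return TAG.sub(fix, html)


def hardened_strip(html: str) -> str:
    """Restart matching at every '<', so a stray '<' cannot hide the tag."""
    return SCRIPT_ANYWHERE.sub(lambda m: "<" + m.group(1) + MARK, html)


def survives(filtered: str) -> bool:
    """True if a script tag a browser could still parse remains."""
    return bool(SCRIPT_ANYWHERE.search(filtered))


# Constructed samples; POC follows the two lines shown in the advisory.
NORMAL = '<script language="javascript">alert(1)</script>'
POC = '<<script language="javascript">\nalert("<<script> tag passed")\n</script>'

if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("extra <", POC)):
        print(label, "naive:", survives(naive_strip(sample)),
              "hardened:", survives(hardened_strip(sample)))
```
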

- Vulnerability Information

Check Point FireWall-1 Script Tag Check Bypass
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Public Third-party Verified

- Vulnerability Description

Check Point FireWall-1 contains a flaw that allows a remote attacker to use malformed script tags that will bypass the firewall filter. The issue is due to Firewall-1 not properly recognizing certain malformed script tags and acting on them. Rather than block the traffic as it should, the firewall passes it.

- Timeline

2000-01-29 Unknown
2000-01-29 Unknown

- Solution

Upgrade to version 4.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
