Lucene search
MitreCVE-2001-1101HistoryMar 15, 2002 - 5:00 a.m.
CVE-2001-1101
2002-03-1505:00:00
mitre
web.nvd.nist.gov
26
check point
firewall-1
solaris
gui
log viewer
unauthorized access
file overwrite
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
55.3%
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of ‘.log’ files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in ‘.log’, or (2) local users to overwrite arbitrary files via a symlink attack.
Affected configurations
Node
checkpointfirewall-1Match3.0
ORcheckpointfirewall-1Match4.0
ORcheckpointfirewall-1Match4.1
ORcheckpointfirewall-1Match4.1sp1
ORcheckpointfirewall-1Match4.1sp2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| checkpoint | firewall-1 | 3.0 | cpe:2.3:a:checkpoint:firewall-1:3.0:*:*:*:*:*:*:* |
| checkpoint | firewall-1 | 4.0 | cpe:2.3:a:checkpoint:firewall-1:4.0:*:*:*:*:*:*:* |
| checkpoint | firewall-1 | 4.1 | cpe:2.3:a:checkpoint:firewall-1:4.1:*:*:*:*:*:*:* |
| checkpoint | firewall-1 | 4.1 | cpe:2.3:a:checkpoint:firewall-1:4.1:sp1:*:*:*:*:*:* |
| checkpoint | firewall-1 | 4.1 | cpe:2.3:a:checkpoint:firewall-1:4.1:sp2:*:*:*:*:*:* |
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
55.3%
Related for CVE-2001-1101