Check Point HTTP Service Denial-of-Service Vulnerability via Malformed Requests

A denial-of-service vulnerability has been identified in certain Check Point HTTP-based services, including the Mobile Access Portal and Identity Awareness Portals (excluding Captive Portal). This issue arises from improper parsing and validation of HTTP requests, allowing attackers to exploit the vulnerability and potentially cause a service disruption. The vulnerability affects multiple Check Point versions, including R77.20, R77.30, R80.10, R80.20, R80.20.X, R80.30, R80.40, R81, R81.10, R81.10.X, R81.20, R82, R82.00.X, and R82.10, with specific vulnerable releases within these versions.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, HTTP header injection, or a heap buffer overflow.

Remediation

The vulnerability has been fixed in the Jumbo Hotfix Accumulator for R82.10 (starting from Take 19), R82 (starting from Take 103), and R81.20 (starting from Take 141). For Spark Firewalls, the fix is available in R81.10.17 and R82.00.10. After installing the fix, Check Point WatchDog will automatically restart the affected portals. Until the fix is applied, it is recommended to limit access to the affected HTTP services to trusted networks, disable unused web-based services, and monitor logs for unexpected HTTP access attempts.