Media Alert: Check Point Protects Against Oracle Zero-Day Vulnerability
August 04 2008 - 7:19PM
Business Wire
Check Point� Software Technologies Ltd. (Nasdaq:CHKP), the
worldwide leader in securing the Internet, today announced that
users of VPN-1� R65, R62, R61 and R60, VSX� NGX R65, InterSpect�
NGX, Connectra� NGX R62 and R61 are already protected from a newly
disclosed unpatched vulnerability in Oracle BEA WebLogic Server
Apache Connector (CVE-2008-3257), while users of IPS-1 can be
protected by downloading the latest SmartDefense update.
SmartDefense Services subscribers and IPS-1 users receive
protection against the threat, which if exploited allows attackers
to execute arbitrary code on the WebLogic Server. The
vulnerability, announced by Oracle on July 28, affects Oracle BEA
WebLogic Servers (a full list of vulnerable products can be found
at www.oracle.com/technology/deploy/security/alerts/
alert_cve2008-3257.html (Due to its length, this URL may need to be
copied/pasted into your Internet browser's address field.��Remove
the extra space if one exists.)). Due to a boundary error in the
Apache connector, a remote attacker may exploit this vulnerability
by sending a specially crafted HTTP request to an Apache Web server
in front of a WebLogic application server, causing a stack-based
buffer overflow and allowing the attacker to execute arbitrary code
on a vulnerable system. Since 2004, Check Point VPN-1 Power VSX,
InterSpect and Connectra security gateways have had the capability
to mitigate such threats. �Implementing workarounds for servers to
protect against zero-day threats can be a cumbersome process,
especially if the workaround requires restarting servers,� said
Oded Gonda, vice president of network security products at Check
Point. �Through Check Point SmartDefense Services and single
management console, protections against the latest threats can be
implemented immediately with minimal disruption.� Check Point
released a SmartDefense advisory and an IPS-1 update for the Oracle
BEA WebLogic Server Apache Connector vulnerability. The advisory
and IPS-1 update can be found at:
www.checkpoint.com/defense/advisories/protected/2008/cpai-03-Aug.html.
It includes additional information on the threat and a step-by-step
explanation of how to configure the appropriate SmartDefense and
IPS-1 protection to mitigate the threat. Check Point SmartDefense
provides intrusion prevention capabilities that are integrated into
Check Point gateways. SmartDefense is updated by SmartDefense
Services, which provide ongoing and real-time updates and
configuration advisories for defenses and security policies.
SmartDefense protections are developed and distributed by
SmartDefense Research and Response Centers located around the
globe. For more information on SmartDefense go to
www.checkpoint.com/defense. About Check Point Software Technologies
Ltd. Check Point Software Technologies Ltd. (www.checkpoint.com) is
the leader in securing the Internet. Check Point offers total
security solutions featuring a unified gateway, single endpoint
agent and single management architecture, customized to fit
customers' dynamic business needs. This combination is unique and
is a result of our leadership and innovation in the enterprise
firewall, personal firewall/endpoint, data security and VPN
markets. Check Point's pure focus is on information security.
Through its NGX platform, Check Point delivers a unified security
architecture to protect business communications and resources,
including corporate networks and applications, remote employees,
branch offices and partner extranets. The company also offers
market-leading endpoint and data security solutions with Check
Point Endpoint Security products, protecting and encrypting
sensitive corporate information stored on PCs and other mobile
computing devices. Check Point's award-winning ZoneAlarm solutions
protect millions of consumer PCs from hackers, spyware and identity
theft. Check Point solutions are sold, integrated and serviced by a
network of Check Point partners around the world and its customers
include 100 percent of Fortune 100 companies and tens of thousands
of businesses and organizations of all sizes. �2003�2008 Check
Point Software Technologies Ltd. All rights reserved.
Check Point Software Tec... (NASDAQ:CHKP)
Historical Stock Chart
From Sep 2024 to Oct 2024
Check Point Software Tec... (NASDAQ:CHKP)
Historical Stock Chart
From Oct 2023 to Oct 2024