Checkpoint VPN XSS, Multiple Java Vulns

Checkpoint VPN-1 UTM Edge is vulnerable to cross-site scripting. This particular vulnerability allows reflected cross-site scripting before authentication. This could allow attackers to embed the login form in an HTML form for deceptive and malicious purposes. The latest firmware version, 7.5.48, reportedly does not contain this vulnerability.

There are multiple vulnerabilities in Java, including Java Web Start, the JRE and the SDK. These vulnerabilities could lead to a denial of service or system compromise. All of the more recent versions of Java are vulnerable, so if you haven't updated your Java install in a few weeks, now would be the time to do so.

Lighttpd, a popular lightweight open source web server, is vulnerable to CGI source exposure and a potential denial of service. Version 1.4.18-r2 is affected and a newer version is available.

Sun Java Updates

Two vulnerabilities in the Java Runtime Environment have been announced. These may allow an applet to gain elevated privileges and could allow execution of arbitrary code. The affected releases are:

JDK and JRE 6 Update 1 and earlier
JDK and JRE 5.0 Update 13 and earlier

We recommend that you update your systems. The original advisory is at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1
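To check a fleet against the two affected release families above, here is an added example (not from the original post or from Sun) that parses the first line of `java -version` output and decides whether the installed release falls inside the advisory's "and earlier" ranges; the host names and version lines are constructed sample data.

```python
import re
from typing import Optional, Tuple

# Highest affected update number per release family, taken from the advisory:
#   JDK and JRE 6 Update 1 and earlier      -> 1.6.0_01
#   JDK and JRE 5.0 Update 13 and earlier   -> 1.5.0_13
AFFECTED_MAX_UPDATE = {
    "1.6.0": 1,
    "1.5.0": 13,
}

# Matches the first line of `java -version`, e.g. java version "1.6.0_01"
# A GA release prints no "_NN" suffix; that is treated as update 0.
_VERSION_RE = re.compile(r'java version "(\d+\.\d+\.\d+)(?:_(\d+))?')


def parse_java_version(output: str) -> Optional[Tuple[str, int]]:
    """Return (family, update) from `java -version` output, or None if unparseable."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    family, update = m.group(1), m.group(2)
    return family, (int(update) if update is not None else 0)


def is_affected(output: str) -> Optional[bool]:
    """True if the release is in the advisory's affected set, False if it is a
    later update of a listed family, None if the family is not listed (e.g. 1.4.2)."""
    parsed = parse_java_version(output)
    if parsed is None:
        return None
    family, update = parsed
    if family not in AFFECTED_MAX_UPDATE:
        return None
    return update <= AFFECTED_MAX_UPDATE[family]


# Constructed sample output, not collected from real hosts.
SAMPLES = {
    "host-a": 'java version "1.6.0_01"\nJava(TM) SE Runtime Environment (build 1.6.0_01-b06)',
    "host-b": 'java version "1.6.0_03"\nJava(TM) SE Runtime Environment (build 1.6.0_03-b05)',
    "host-c": 'java version "1.5.0_13"',
    "host-d": 'java version "1.4.2_16"',
}

if __name__ == "__main__":
    for host, out in SAMPLES.items():
        print(f"{host}: affected={is_affected(out)}")
```

A `None` result means the release family is outside what this advisory lists, not that it is safe; check those hosts against the advisory directly.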