Media Alert: Check Point Protects Against Oracle Zero-Day Vulnerability

Check Point® Software Technologies Ltd., the worldwide leader in securing the Internet, today announced that users of VPN-1® R65, R62, R61 and R60, VSX® NGX R65, InterSpect® NGX, Connectra® NGX R62 and R61 are already protected from a newly disclosed unpatched vulnerability in Oracle BEA WebLogic Server Apache Connector (CVE-2008-3257), while users of IPS-1 can be protected by downloading the latest SmartDefense update. SmartDefense Services subscribers and IPS-1 users receive protection against the threat, which, if exploited, allows attackers to execute arbitrary code on the WebLogic Server.

The vulnerability, announced by Oracle on July 28, affects Oracle BEA WebLogic Servers (a full list of vulnerable products can be found at www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html). Due to a boundary error in the Apache connector, a remote attacker may exploit this vulnerability by sending a specially crafted HTTP request to an Apache Web server in front of a WebLogic application server, causing a stack-based buffer overflow and allowing the attacker to execute arbitrary code on a vulnerable system. Since 2004, Check Point VPN-1 Power VSX, InterSpect and Connectra security gateways have had the capability to mitigate such threats.

"Implementing workarounds for servers to protect against zero-day threats can be a cumbersome process, especially if the workaround requires restarting servers," said Oded Gonda, vice president of network security products at Check Point. "Through Check Point SmartDefense Services and single management console, protections against the latest threats can be implemented immediately with minimal disruption."

Check Point released a SmartDefense advisory and an IPS-1 update for the Oracle BEA WebLogic Server Apache Connector vulnerability. The advisory and IPS-1 update can be found at: www.checkpoint.com/defense/advisories/protected/2008/cpai-03-Aug.html. The advisory includes additional information on the threat and a step-by-step explanation of how to configure the appropriate SmartDefense and IPS-1 protection to mitigate the threat.

Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point gateways. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For more information on SmartDefense, go to www.checkpoint.com/defense.
