CVE-2000-0116
Published 2000-01-29
Priority: P4 28
Severity: high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.48% (82.6th percentile)
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkpoint | firewall-1 | — | — |
No detection rules found.
No writeups or analysis indexed.
CWE-167: Improper Handling of Additional Special Element
The product receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
Developers should anticipate that extra special elements will be injected in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
[Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any i
CWE-85: Doubled Character XSS Manipulations
The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Read Application Data, Execute Unauthorized Code or Commands.
Potential Mitigations:
[Implementation] Resolve all filtered input to absolute or canonical representations before processing.
[Implementation] Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes,
CWE-159: Improper Handling of Invalid Use of Special Elements
The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
Developers should anticipate that special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
[Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of accep