
Update Protection against Apache Header Injection Vulnerability


Check Point Reference: CPAI-2006-060
Date Published:
Severity:
Last Updated:
Source: SecurityFocus
Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Apache 1.3.34/2.0.57/2.2.1
Vulnerability Description
A flaw has been identified in Apache 1.3.34/2.0.57/2.2.1. The flaw specifically exists in the handling of the Expect header. Attackers can exploit this flaw by appending malformed Expect headers to outgoing HTTP requests and redirecting users to Web sites of their choice.
Update/Patch Available
This issue has been corrected in the latest Apache versions, 1.3.35/2.0.58/2.2.2.
Vulnerability Details
Attackers can leverage this flaw to inject HTML code through the Expect header.

Protection Overview
The update blocks the vulnerability based on a unique HTTP header pattern.
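
The kind of header check described above, as an added example that is not Check Point's actual pattern (which this page does not publish). It assumes an Expect value is suspicious when it carries markup characters or is anything other than 100-continue, the only expectation RFC 7231 defines; the function names and sample requests are constructed for illustration.

```python
from __future__ import annotations
import re

# Assumption: 100-continue is the only expectation a server should accept
# (the only one defined for HTTP/1.1 in RFC 7231, section 5.1.1).
ALLOWED_EXPECT = {"100-continue"}
# Markup characters (raw or URL-encoded) have no place in an Expect value.
MARKUP = re.compile(r"[<>\"']|%3c|%3e", re.IGNORECASE)


def parse_headers(raw_request: bytes) -> list[tuple[str, str]]:
    """Return (lower-cased name, value) pairs from a raw HTTP request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers: list[tuple[str, str]] = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: continuation of the previous value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def inspect_expect(raw_request: bytes) -> list[str]:
    """Return findings for the Expect header(s); an empty list means clean."""
    findings = []
    values = [v for n, v in parse_headers(raw_request) if n == "expect"]
    if len(values) > 1:
        findings.append("multiple Expect headers")
    for value in values:
        if MARKUP.search(value):
            findings.append(f"markup characters in Expect value: {value!r}")
        elif value.lower() not in ALLOWED_EXPECT:
            findings.append(f"unknown expectation: {value!r}")
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"PUT /upload HTTP/1.1\r\nHost: example.test\r\nExpect: 100-continue\r\n\r\n",
    "markup": b"GET / HTTP/1.1\r\nHost: example.test\r\nExpect: <i>constructed</i>\r\n\r\n",
    "folded": b"GET / HTTP/1.1\r\nHost: example.test\r\nExpect: 100-continue\r\n <b>x</b>\r\n\r\n",
    "unknown": b"GET / HTTP/1.1\r\nHost: example.test\r\nExpect: 200-ok\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, inspect_expect(request) or "ok")
```

The folded sample shows why the value has to be reassembled before matching: checking each physical line on its own would pass the first line as a valid 100-continue.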

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
All in all, the update includes the following protections:

Adobe Reader Extensions Protection (CPAI-2006-056)
osCommerce SQL Injection Protection (CPAI-2006-057)
Ipswitch WhatsUp Professional Multiple Vulnerabilities Protection (CPAI-2006-058)
SAP Business Connector Protection (CPAI-2006-059)
Apache Header Injection Protection (CPAI-2006-060)
MS ISA Server 2004 Manipulation Protection (CPAI-2006-061)

VPN-1 NGX R61

How Can I Protect My Network?
1. Update SmartDefense: Click the SmartDefense Services tab, click Download Updates and then click the Online Update button.
2. In the Web Intelligence tree, click HTTP Protocol Inspection > Header Rejection and enable the following pattern:

Apache Header Injection Vulnerability

3. Install policy on all modules. 

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: Apache Header Injection Vulnerability

VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click HTTP Protocol Inspection > Header Rejection.
3. Enable the following pattern:

Apache Header Injection Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: Apache Header Injection Vulnerability

VPN-1 NG with Application Intelligence R55/R54

How Can I Protect My Network?
1. Update SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > Web > Peer to Peer.
3. In the Header Detection table, enable the following pattern:

Apache Header Injection Vulnerability

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: Apache Header Injection Vulnerability

VPN-1 VSX NGX

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click HTTP Protocol Inspection > Header Rejection and enable the following pattern:

Apache Header Injection Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: Apache Header Injection Vulnerability 
 
 

InterSpect NGX

How Can I Protect My Network?
1. Update SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.  
3. In the Web Intelligence tree, click HTTP Protocol Inspection > Header Rejection and enable the following pattern:

Apache Header Injection Vulnerability

4. Install policy on all modules. 

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: Apache Header Injection Vulnerability

InterSpect 2.0

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > Web > HTTP Protocol Inspection > Peer to Peer.
3. In the Headers Detection table, enable the following pattern:

Apache Header Injection Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: Apache Header Injection Vulnerability