This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
biskit
Advisor
‎2021-02-22 09:56 AM
Jump to solution

IPS Protection advice

My customer's latest pen test report flags two issues.  They've asked whether their IPS can protect against these.  I've searched everything I can think of and can't find anything that seems relevant.

I've had similar questions in the past and raised SR's to ask.  I'm pretty much always told they can't help because there is no CVE ref number.  Useful 😶.  So this time I thought I'd ask here first as I pretty much already know what TAC will say.

Has anyone got any thoughts on how CP would protect against these?  IPS or otherwise...  This is the only info given to me at this point.

  • CGI Generic Path Traversal (write test)  -  References XREF OWASP:OWASP-AZ-001
  • CGI Generic XML Injection  -  References XREF OWASP:OWASP-DV-008 XREF CWE:91 XREF CWE:713 XREF CWE:722 XREF CWE:727 XREF CWE:810 XREF CWE:928 XREF CWE:929
0 Kudos
1 Solution

Accepted Solutions
Mario_Zuker
Employee
Employee
‎2021-02-28 02:55 AM
Jump to solution

OWASP-AZ-001: should be blocked by core protection “Directory Traversal”

OWASP-DV-008  CGI Generic XML Injection:  should be handled by “Multiple Products XML System External Entity Information Disclosure” https://www.checkpoint.com/defense/advisories/public/2014/cpai-16-jun1.html/

 

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-02-25 11:16 PM
Jump to solution

Pretty sure path traversal is one of our standard IPS signatures.
Not sure about the XML injection thing, will ask.

Mario_Zuker
Employee
Employee
‎2021-02-28 02:55 AM
Jump to solution

OWASP-AZ-001: should be blocked by core protection “Directory Traversal”

OWASP-DV-008  CGI Generic XML Injection:  should be handled by “Multiple Products XML System External Entity Information Disclosure” https://www.checkpoint.com/defense/advisories/public/2014/cpai-16-jun1.html/

 

0 Kudos
biskit
Advisor
‎2021-03-15 09:47 AM
In response to Mario_Zuker
Jump to solution

Perfect, thanks!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    li.common.scroll-to.top