This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Maciej_Maczka
Contributor
‎2020-02-07 06:36 AM

IPS Signature CVE-2020-0601

Hi,

 

Did you manage to trigger CVE-2020-0601 IPS protection?

I tried using

- Check Point R80.30

- strict and optimised profile

- with and without SSL Inspection

- using vulnerable OS

- Test page: http://testcve.kudelskisecurity.com/

 

Results:

Without SSL inspection is unable to detect attack.

With SSL inspection I have: Internal system error in HTTPS Inspection (Error Code: 2), Bypassing request as configured in engine settings of HTTPS Inspection

 

Does somebody know what conndition have to be meet to trigger this IPS protection?

 

Best Regards

Maciej

 

 

 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2020-02-11 04:14 PM

HTTPS Inspection should fail the connection if it performs validation on the certificate (unless you've explicitly disabled that feature).
But perhaps what's happening is it's encountering something unexpected and "failing open" as a result.
Either way, it's puzzling and a TAC case should probably be opened.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events