Description
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.
Affected products
- checkpoint / firewall-13.0 – 3.0
- checkpoint / firewall-14.0 – 4.0