GEN:SID 1:2381
Message WEB-MISC schema overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in Checkpoint Firewall-1
Impact Serious. Unauthorized administrative access to the firewall
Detailed Information A vulnerability exists in Checkpoint Firewall-1 that may allow a remote
attacker to gain control of the firewall. The issues lies in the
handling of HTTP requests by the Security Server and Application
Intelligence modules of the Firewall's administration console.

By supplying a malformed scheme in a URI an attacker may present the
attacker with the opportunity to send data of their choosing to the
sprintf() system call.
Affected Systems Checkpoint Firewall-1
    
Attack Scenarios An attacker must supply specially crafted packets containing malformed
URI schema with the data they wish to send to the sprintf() function.
This may then present the attacker with administrative privileges on the
server.
Ease of Attack Moderate.
Corrective Action Disallow external access to the Firewall-1 administrative interface.

Disable the Web interface to the firewall if possible
Additional References  
Rule References bugtraq: 9581
cve: 2004-0039
nessus: 12084