Hello,

The CERT advisory for this vulnerability says that in order to mitigate this risk one can disable the HTTP security server, install a patch, or on AI enforcement points you can disable AI:

"Check Point has reported that their products are only affected by this vulnerability if the HTTP Security Servers feature is enabled. Therefore, affected sites may be able to limit their exposure to this vulnerability by disabling HTTP Security Servers or the Application Intelligence component, as appropriate."

Since I am new to AI, is there just a *component* of AI that should be turned off, or do you have to turn off AI completely?
The way I interpreted this is that only one of the two enforcement types in the AI protocol inspection configuration is vulnerable. Strict Protocol Enforcement will forward to the security server and is therefore vulnerable. The Optimized Protocol Enforcement forwards to the kernel, which appears to be OK.