Summary
Buffer Overflow in flowd when processing HTTP protocol messages
Impact
A remote attacker may execute arbitrary code using crafted HTTP requests.
Solution
New builds of Junos OS software are available from Juniper.
Insight
A buffer overflow vulnerability affects the flowd process while processing HTTP protocol messages. This issue can be triggered when the SRX Series device is acting as a Unified Access Control (UAC) enforcer in a UAC network with Captive Portal enabled.
Affected
Junos OS on SRX Series running 10.4, 11.4, 12.1, or 12.1X44.
Detection
Check the OS build.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-4685
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C