PT-2014-4879 · Juniper Networks · Junos
Published
2014-04-14
·
Updated
2014-04-15
·
CVE-2014-2714
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Junos versions prior to 10.4R15
Junos versions 11.4 prior to 11.4R9
Junos versions 12.1 prior to 12.1R7
Junos versions 12.1X44 prior to 12.1X44-D20
Junos versions 12.1X45 prior to 12.1X45-D10
Junos versions 12.1X46 prior to 12.1X46-D10
Description
The issue allows remote attackers to cause a denial of service via a crafted URL, resulting in the flow daemon crashing and restarting. This is related to the Enhanced Web Filtering (EWF) in Juniper Junos, as used in the SRX Series services gateways.
Recommendations
For versions prior to 10.4R15, update to 10.4R15 or later.
For versions 11.4 prior to 11.4R9, update to 11.4R9 or later.
For versions 12.1 prior to 12.1R7, update to 12.1R7 or later.
For versions 12.1X44 prior to 12.1X44-D20, update to 12.1X44-D20 or later.
For versions 12.1X45 prior to 12.1X45-D10, update to 12.1X45-D10 or later.
For versions 12.1X46 prior to 12.1X46-D10, update to 12.1X46-D10 or later.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos