PT-2018-1143 · Php+1 · Php+1
Published
2018-01-10
·
Updated
2018-02-23
·
CVE-2018-0001
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 12.1X46-D67
Junos OS versions prior to 12.3R12-S5
Junos OS versions prior to 12.3X48-D35
Junos OS versions prior to 14.1R8-S5
Junos OS versions prior to 14.1R9
Junos OS versions prior to 14.1X53-D44
Junos OS versions prior to 14.1X53-D50
Junos OS versions prior to 14.2R7-S7
Junos OS versions prior to 14.2R8
Junos OS versions prior to 15.1R3
Junos OS versions prior to 15.1X49-D30
Junos OS versions prior to 15.1X53-D70
Description
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. The vulnerability in the J-Web interface of the Junos operating system is related to the use of memory after it has been freed.
Recommendations
For versions prior to 12.1X46-D67, update to 12.1X46-D67 or later.
For versions prior to 12.3R12-S5, update to 12.3R12-S5 or later.
For versions prior to 12.3X48-D35, update to 12.3X48-D35 or later.
For versions prior to 14.1R8-S5, update to 14.1R8-S5 or later.
For versions prior to 14.1R9, update to 14.1R9 or later.
For versions prior to 14.1X53-D44, update to 14.1X53-D44 or later.
For versions prior to 14.1X53-D50, update to 14.1X53-D50 or later.
For versions prior to 14.2R7-S7, update to 14.2R7-S7 or later.
For versions prior to 14.2R8, update to 14.2R8 or later.
For versions prior to 15.1R3, update to 15.1R3 or later.
For versions prior to 15.1X49-D30, update to 15.1X49-D30 or later.
For versions prior to 15.1X53-D70, update to 15.1X53-D70 or later.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos
Php