CVE-2014-0618 - Unspecified vulnerability in Juniper products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
juniper
nessus
Summary
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer with captive portal enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 5 |
Hardware | | 12 |
Nessus
NASL family | Junos Local Security Checks |
NASL id | JUNIPER_JSA10611.NASL |
description | According to its self-reported version number, the remote Juniper Junos SRX series device is affected by a denial of service vulnerability in the flow daemon (flowd) when handling certain valid HTTP protocol messages. A remote attacker can exploit this to crash the device. Note that this issue only affects devices configured as a Unified Access Control (UAC) enforcer in a UAC network with Captive Portal authentication enabled. |
last seen | 2019-10-28 |
modified | 2014-01-16 |
plugin id | 72000 |
published | 2014-01-16 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72000 |
title | Juniper Junos SRX Series flowd Remote DoS (JSA10611) |
References
- http://osvdb.org/101864
- http://www.securityfocus.com/bid/64769
- http://www.securitytracker.com/id/1029584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90238
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10611