Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
References
Link | Resource |
---|---|
http://kb.juniper.net/JSA10574 | Vendor Advisory |
http://www.securityfocus.com/bid/61125 | |
http://osvdb.org/95108 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-07-11 07:55
Updated : 2013-08-21 23:54
NVD link : CVE-2013-4685
Mitre link : CVE-2013-4685
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
juniper
- srx1400
- srx210
- srx5800
- srx3600
- srx100
- srx650
- junos
- srx240
- srx550
- srx110
- srx3400
- srx220
- srx5600