Juniper Junos J-Web URL Encoding Heap-Based Buffer Overflow (PSN-2013-01-807)

Nessus Plugin ID 63519 (Critical)

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version number, the remote Junos device has a heap-based buffer overflow in the J-Web component. Sending an unspecified request related to URL encoding can corrupt heap memory. A remote, unauthenticated attacker could exploit this to execute arbitrary code.

Solution

Apply the relevant Junos upgrade referenced in Juniper advisory PSN-2013-01-807.

See Also

http://www.nessus.org/u?f7cc8b6e

Plugin Details

Severity: Critical

ID: 63519

File Name: juniper_psn-2013-01-807.nasl

Version: 1.8

Type: combined

Published: 1/14/2013

Updated: 8/10/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/model, Host/Juniper/JUNOS/Version

Patch Publication Date: 1/9/2013

Vulnerability Publication Date: 1/9/2013