Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-0052— SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets

EPSS 0.35% · P58
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-0052

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets
Source: NVD (National Vulnerability Database)
Vulnerability Description
The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 17.3 versions on SRX Series; 17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series; 18.1 versions prior to 18.1R3-S6 on SRX Series; 18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不恰当的资源关闭或释放
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS(SRX Series)中存在安全漏洞。攻击者可利用该漏洞造成srxpfe进程崩溃。以下产品及版本受到影响:Juniper Networks Junos OS 12.3X48版本,15.1X49版本,17.3版本,17.4版本,18.1版本,18.2版本,18
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS 12.3X48 versions prior to 12.3X48-D85 on SRX Series -

II. Public POCs for CVE-2019-0052

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-0052

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2019-07-11 · 5 CVEs total

CVE-2019-0046Junos OS: EX4300 Series: Denial of Service upon receipt of large number of specific valid
CVE-2019-0048EX4300 Series: When a firewall filter is applied to a loopback interface, other firewall f
CVE-2019-0049Junos OS: RPD process crashes when BGP peer restarts
CVE-2019-0053Junos OS: Insufficient validation of environment variables in telnet client may lead to st

IV. Related Vulnerabilities

Same product: Junos OS
Same vendor: Juniper Networks
Same weakness: CWE-404

V. Comments for CVE-2019-0052

No comments yet

Leave a comment