Description
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
References (3)
Core References
Vendor Advisory (x_refsource_confirm)
http://kb.juniper.net/JSA10574
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/61125
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb)
http://osvdb.org/95108
Scores
EPSS
0.0749
EPSS Percentile
91.9%
Details
CWE
CWE-119
Status
published
Products (16)
juniper/junos 10.4
juniper/junos 11.4
juniper/junos 12.1
juniper/junos 12.1x44
juniper/srx100
juniper/srx110
juniper/srx1400
juniper/srx210
juniper/srx220
juniper/srx240
... and 6 more
Published
Jul 11, 2013
Tracked Since
Feb 18, 2026