Vulnerability Note VU#480428
Juniper ScreenOS is vulnerable to a denial of service from malformed SSL packets
Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets.
Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets. Additional details may be found in Juniper security advisory JSA10624.
A remote unauthenticated attacker may be able to produce an extended denial of service against a ScreenOS firewall by repeatedly sending malformed SSL/TLS packets to the device.
Juniper security advisory JSA10624 recommends the following workaround.
This issue is completely mitigated when WebUI (SSL) and WebAuth (SSL) is disabled.
Disabling SSL WebUI (HTTPS) is part of our best practices, as mentioned in KB29016.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Juniper Networks, Inc.||Affected||-||16 May 2014|
CVSS Metrics (Learn More)
Thanks to David Klein of DHK Enterprises for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2014-2842
- Date Public: 16 Apr 2014
- Date First Published: 16 May 2014
- Date Last Updated: 16 May 2014
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.