Knowledge Search


×
 

2019-07 Security Bulletin: Junos OS: J-Web Denial of Service due to multiple vulnerabilities in Embedthis Appweb Server

  [JSA10948] Show Article Properties


Product Affected:
This issue affects all products and platforms running Junos OS with J-Web enabled.
Problem:

Multiple vulnerabilities exist in the Embedthis Appweb server, used by J-Web, related to the way the server mishandles some HTTP headers and request fields. These issues may result in a Denial of Service (DoS) for the J-Web graphical user interface.

These issues affect Juniper Networks Junos OS:

  • 12.3 versions prior to 12.3R12-S14;
  • 12.3X48 versions prior to 12.3X48-D80;
  • 15.1 versions prior to 15.1F6-S13, 15.1R7-S4;
  • 15.1X49 versions prior to 15.1X49-D170;
  • 15.1X53 versions prior to 15.1X53-D497;
  • 16.1 versions prior to 16.1R4-S13, 16.1R7-S5;
  • 16.2 versions prior to 16.2R2-S10;
  • 17.1 versions prior to 17.1R3;
  • 17.2 versions prior to 17.2R2-S7, 17.2R3-S1;
  • 17.3 versions prior to 17.3R3-S5;
  • 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3;
  • 18.1 versions prior to 18.1R3-S5.


Important security issues resolved include:

CVE CVSS Summary
CVE-2018-15504 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
 
Solution:

The following software releases have been updated to resolve this specific issue: 12.3R12-S14*, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5, 18.2R1, and all subsequent releases.

*Late availability

This issue is being tracked as PR 1345330 which is visible on the Customer Support website.
 

Workaround:
Disable J-Web, or limit access to only trusted hosts.
 
Implementation:
Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.
 
Modification History:
  • ‚Äč2019-07-10: Initial Publication
    
    
Related Links:
CVSS Score:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."