This article provides information on how to check the details and description of an attack on an SRX device.
Run the following commands to check the details and description of an attack.
For example, for the attack HTTP:LINUX:REDHAT-ACCEPT-LANG:
[edit]
root@srx> show security idp attack detail HTTP:LINUX:REDHAT-ACCEPT-LANG
Display Name: HTTP: Red Hat Directory Server Accept-Language HTTP Header Parsing Buffer Overflow
Severity: Major
Category: HTTP
Recommended: true
Recommended Action: Drop
Type: chain
False Positives: unknown
Service: HTTP
[edit]
root@srx> show security idp attack description HTTP:LINUX:REDHAT-ACCEPT-LANG
Description:
This signature detects the attempts to exploit a known vulnerability in the Red Hat directory server. It is due to improper data validation in the Administrator Web Interface component. A remote attacker can trigger this by sending a crafted HTTP request to the affected service, which potentially injects and executes arbitrary code with root level privileges.
In a successful sophisticated code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code. The code, in such a case, will be executed within the security context of the affected service. In an attack case, in which code injection is not successful, the affected CGI application is abnormally terminated.
For more information (such as Attack DB update number and Release date), refer to the following link:
http://services.netscreen.com/documentation/signatures/
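When many signatures need to be reviewed, the output of the two commands above can be saved and parsed into one record per attack. The following Python script is an added example, not part of the original article or of Juniper's tooling; the sample capture is constructed from the output shown above, and the needs_review rule is an assumed triage policy, not vendor guidance.

```python
import re

# Constructed sample: a saved session containing the output of both commands.
SAMPLE = """\
root@srx> show security idp attack detail HTTP:LINUX:REDHAT-ACCEPT-LANG
Display Name: HTTP: Red Hat Directory Server Accept-Language HTTP Header Parsing Buffer Overflow
Severity: Major
Category: HTTP
Recommended: true
Recommended Action: Drop
Type: chain
False Positives: unknown
Service: HTTP
root@srx> show security idp attack description HTTP:LINUX:REDHAT-ACCEPT-LANG
Description:
This signature detects the attempts to exploit a known vulnerability in the Red Hat directory server.
"""

# Prompt line that starts a new output block: user@host> show security idp attack <kind> <name>
PROMPT = re.compile(r"^\S+@\S+[>#]\s*show security idp attack (detail|description)\s+(\S+)\s*$")

def parse_idp_capture(text):
    """Return {attack_name: {field: value}} from a captured CLI session."""
    attacks, name, mode = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "[edit]":
            continue
        m = PROMPT.match(line)
        if m:
            mode, name = m.group(1), m.group(2)
            attacks.setdefault(name, {})
            continue
        if name is None:
            continue  # text before the first recognised command
        if mode == "detail":
            # Split on the first colon only: "Display Name" values contain colons.
            key, sep, value = line.partition(":")
            if sep:
                attacks[name][key.strip()] = value.strip()
        elif line != "Description:":
            prev = attacks[name].get("Description", "")
            attacks[name]["Description"] = (prev + " " + line).strip()
    return attacks

def needs_review(rec):
    """Assumed policy: review signatures that drop traffic with unknown false positives."""
    return (rec.get("Recommended Action", "").lower() == "drop"
            and rec.get("False Positives", "").lower() == "unknown")
```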