Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX/IDP] How to check the details and description of a particular attack on SRX

0

0

Article ID: KB26868 KB Last Updated: 05 Mar 2017Version: 2.0
Summary:
This article provides information on how to check the details and description of an attack on a SRX device.
Symptoms:
  • How to find the recommended action of a particular attack?

  • What is the severity of this attack?
Cause:

Solution:
Run the following commands to check the details and description of an attack:

For example, HTTP:LINUX:REDHAT-ACCEPT-LANG:
[edit]
root@srx> show security idp attack detail HTTP:LINUX:REDHAT-ACCEPT-LANG
Display Name: HTTP: Red Hat Directory Server Accept-Language HTTP Header Parsing Buffer Overflow
Severity: Major
Category: HTTP
Recommended: true
Recommended Action: Drop
Type: chain
False Positives: unknown
Service: HTTP

[edit]
root@srx> show security idp attack description HTTP:LINUX:REDHAT-ACCEPT-LANG
Description:

This signature detects the attempts to exploit a known vulnerability in the Red Hat directory server. It is due to improper data validation in the Administrator Web Interface component. A remote attacker can trigger this by sending a crafted HTTP request to the affected service, which potentially injects and executes arbitrary code with root level privileges.

In a successful sophisticated code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code. The code, in such a case, will be executed within the security context of the affected service. In an attack case, in which code injection is not successful, the affected CGI application is abnormally terminated.

For more information (such as Attack DB update number and Release date), refer to the following link:

http://services.netscreen.com/documentation/signatures/
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search