"value":"The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash.\n\nThis issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled.\n\nAffected releases are Juniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D85 on SRX Series;\n15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series;\n17.3 versions on SRX Series;\n17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series;\n18.1 versions prior to 18.1R3-S6 on SRX Series;\n18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series;\n18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series;\n18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series.\n"
}
]
},
"exploit":[
{
"lang":"eng",
"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"value":"CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references":{
"reference_data":[
{
"name":"https://kb.juniper.net/JSA10946",
"refsource":"CONFIRM",
"url":"https://kb.juniper.net/JSA10946"
}
]
},
"solution":[
{
"lang":"eng",
"value":"The following software releases have been updated to resolve this specific issue: 12.3X48-D85, 12.3X48-D90, 15.1X49-D181, 15.1X49-D190, 17.4R1-S8, 17.4R2-S5, 17.4R3, 18.1R3-S6, 18.2R2-S1, 18.2R3, 18.3R1-S2, 18.3R2, 18.4R1-S1, 18.4R2, 19.1R1, 19.2R1, and all subsequent releases.\n"
}
],
"source":{
"advisory":"JSA10946",
"defect":[
"1406403"
],
"discovery":"USER"
},
"work_around":[
{
"lang":"eng",
"value":"This issue can be mitigated by enabling HTTP reassembly in the web-filtering configuration:\n\n set security utm default-configuration web-filtering http-reassemble\n"
