HTTP: JavaScript Engine Speculative Execution JIT Information Disclosure
This signature detects attempts to exploit a known vulnerability against multiple JavaScript engines running on Intel,AMD and ARM processors.Successful exploitation will result in information disclosed under the security context of the JavaScript Virtual machine process.
Extended Description
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Affected Products
Intel core_i7
References
BugTraq: 102371
CVE: CVE-2017-5753
URL: https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html
Short Name
HTTP:STC:SCRIPT:SE-SPECTRE-INFO
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-5753 Disclosure Engine Execution Information JIT JavaScript Speculative bid:102371
Release Date
01/23/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3726
False Positive
Unknown
Vendors
Suse
Intel
Synology
Opensuse
Oracle
Canonical
Netapp
Debian
Vmware
Pepperl-fuchs
CVSS Score
4.7