Lucene search

JuniperCVELIST:CVE-2021-31380

HistoryOct 19, 2021 - 6:17 p.m.

CVE-2021-31380 SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information

2021-10-1918:17:21

CWE-200

CWE-16

juniper

www.cve.org

cve-2021-31380

src series

remote attacker

disclose sensitive information

jboss application server

juniper networks

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.

CNA Affected

[
  {
    "product": "SRC Series",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "4.12.0R5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.13.0R3",
        "status": "affected",
        "version": "4.13.0",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11248

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Related for CVELIST:CVE-2021-31380