EUVD-2021-2915

Malicious code in bioql PyPI...

CVE-2021-0296

The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security HSTS. HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade...

Design/Logic Flaw

The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security HSTS. HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade...

CVE-2021-0296

The CVE-2021-0296 entry concerns Juniper Networks CTPView server not enforcing HTTP Strict Transport Security (HSTS). Affected versions are Juniper CTPView 7.3 before 7.3R7 and 9.1 before 9.1R3. Root cause: lack of HSTS header enforcement, which can enable downgrade attacks, SSL-stripping MITM, a...

CVE-2021-0296 CTPView: HSTS not being enforced on CTPView server.

The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security HSTS. HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade...

Juniper Networks CtpView输入验证错误漏洞

Juniper Networks CtpView is a network management system from Juniper Networks, Inc. It is used to enable managers to deploy circuits while monitoring the network. An input validation error vulnerability exists in the CTPView server that stems from the product's failure to implement HSTS detection...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisori...