{"containers": {"cna": {"affected": [{"product": "SRC Series", "vendor": "Juniper Networks", "versions": [{"lessThan": "4.12.0R5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "4.13.0R3", "status": "affected", "version": "4.13.0", "versionType": "custom"}]}], "datePublic": "2021-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-16", "description": "CWE-16 Configuration", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-19T18:17:21", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11248"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."}], "source": {"advisory": "JSA11248", "defect": ["1487222"], "discovery": "USER"}, "title": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-10-13T16:00:00.000Z", "ID": "CVE-2021-31380", "STATE": "PUBLIC", "TITLE": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SRC Series", "version": {"version_data": [{"version_affected": "<", "version_value": "4.12.0R5"}, {"version_affected": "<", "version_name": "4.13.0", "version_value": "4.13.0R3"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-16 Configuration"}]}, {"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11248", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11248"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."}], "source": {"advisory": "JSA11248", "defect": ["1487222"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:55:53.961Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA11248"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-31380", "datePublished": "2021-10-19T18:17:21.571211Z", "dateReserved": "2021-04-15T00:00:00", "dateUpdated": "2024-09-16T18:28:42.778Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B3DEF7F-E8BF-4BB8-9989-8D4CFAE5539A", "versionEndExcluding": "4.12.0r5", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "0478F1B6-0A80-4CE2-9AF5-251A02BBAC5F", "versionEndExcluding": "4.13.0r3", "versionStartIncluding": "4.13.0r1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information."}, {"lang": "es", "value": "Una debilidad de configuraci\u00f3n en el componente JBoss Application Server (AppSvr) de Juniper Networks SRC Series permite a un atacante remoto enviar una consulta especialmente dise\u00f1ada para causar que el servidor web revele informaci\u00f3n confidencial en la respuesta HTTP, lo que permite al atacante conseguir informaci\u00f3n confidencial"}], "id": "CVE-2021-31380", "lastModified": "2024-11-21T06:05:33.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2021-10-19T19:15:11.133", "references": [{"source": "sirt@juniper.net", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA11248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA11248"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}, {"lang": "en", "value": "CWE-200"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}