CVE-2021-0250
published 2021-04-22CVE-2021-0250: In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper | junos_os_evolved | — | — |
| juniper_networks | junos_os | >= 17.4 < 17.4R2-S6, 17.4R3 | 17.4R2-S6, 17.4R3 |
| juniper_networks | junos_os | >= 17.4R1 < unspecified | unspecified |
| juniper_networks | junos_os | >= 18.1 < 18.1R3-S7 | 18.1R3-S7 |
| juniper_networks | junos_os | >= 18.2 < 18.2R2-S6, 18.2R3-S3 | 18.2R2-S6, 18.2R3-S3 |
| juniper_networks | junos_os | >= 18.3 < 18.3R1-S7, 18.3R2-S3, 18.3R3 | 18.3R1-S7, 18.3R2-S3, 18.3R3 |
| juniper_networks | junos_os | >= 18.4 < 18.4R1-S5, 18.4R2-S3, 18.4R3 | 18.4R1-S5, 18.4R2-S3, 18.4R3 |
| juniper_networks | junos_os | >= 19.1 < 19.1R1-S4, 19.1R2 | 19.1R1-S4, 19.1R2 |
| juniper_networks | junos_os | >= 19.2 < 19.2R1-S3, 19.2R2 | 19.2R1-S3, 19.2R2 |
| juniper_networks | junos_os_evolved | >= 19.2-EVO < 19.2R2-EVO | 19.2R2-EVO |
GHSA
GHSA-jfx9-2fg4-366p: In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing P
ghsa_unreviewed·2022-05-24
CVE-2021-0250 [HIGH] GHSA-jfx9-2fg4-366p: In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing P
In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4
Juniper
CVE-2021-0250: In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing P
vendor_juniper·2021-04-22·CVSS 7.5
CVE-2021-0250 [HIGH] CVE-2021-0250: In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing P
CVE-2021-0250: In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5,
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error
bugzilla·2020-09-22·CVSS 5.3
CVE-2020-25640 [MEDIUM] CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error
CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error
A flaw was found in WildFly. Resource adapter logs plain text JMS password at warning level on connection error.
Discussion:
External References:
https://github.com/amqphub/amqp-10-resource-adapter/issues/13
---
Created wildfly tracking bugs for this issue:
Affects: fedora-all [bug 1882385]
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform
Via RHSA-2021:0250 https://access.redhat.com/errata/RHSA-2021:0250
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
Via RHSA-2021:0246 https://access.redhat.com/errata/RHSA-2021:0246
---
This issue has bee
Bugzilla
CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling
bugzilla·2020-09-15·CVSS 5.3
CVE-2020-25633 [MEDIUM] CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling
CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information in headers, cookies and body when the server got WebApplicationException from the RESTEasy client call.
Discussion:
Affected artifacts:
https://maven.repository.redhat.com/ga/org/jboss/resteasy/resteasy-client/
https://maven.repository.redhat.com/ga/org/jboss/resteasy/resteasy-client-microprofile/
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform
Via RHSA-2021:0250 https://access.redhat.com/errata/RHSA-2021:0250
---
This issue has
2021-04-22
Published