Severity: 9.3 CRITICAL (NVD); 8.8 (CNA)
EPSS: 0.3% (top 49.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22; Latest update May 24

Description

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.8

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 18.1 | 18.1R3-S11 | +8
NVD | juniper/junos | 9 versions | +8

Vulnerability Details (2)

GHSA | 2022-05-24
GHSA-cfvh-72c5-6hp5: An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffe
CVEList | 2021-04-22
Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks.

Vendor Advisories (1)

Juniper | 2021-04-22
CVE-2021-0268: An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffe
CVE-2021-0268 — Cross-site Scripting | cvebase