CVE-2021-31380

CWE-16 CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 61.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks SRC Series Juniper Session AND Resource Control

Timeline

PublishedOct 19

Latest updateMay 24

Description

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5juniper_networks/src_seriesunspecified — 4.12.0R5+1

▶NVDjuniper/session_and_resource_control4.13.0r1 — 4.13.0r3+1

Patches

Patch: kb.juniper.net ↗Patch: kb.juniper.net ↗

🔴Vulnerability Details

GHSA

GHSA-6cv6-4x62-cqvr: A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a speciall↗2022-05-24

▶

CVEList

SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31380: A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a speciall↗2021-10-19

▶