CVE-2021-31381

CWE-16 CWE-200 — Information Exposure4 documents4 sources

Severity

9.1CRITICAL

EPSS

0.7%

top 27.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks SRC Series Juniper Session AND Resource Control

Timeline

PublishedOct 19

Latest updateMay 24

Description

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5juniper_networks/src_seriesunspecified — 4.12.0R5+1

▶NVDjuniper/session_and_resource_control4.13.0r1 — 4.13.0r3+1

Patches

Patch: kb.juniper.net ↗Patch: kb.juniper.net ↗

🔴Vulnerability Details

GHSA

GHSA-7wfg-7xjc-w75v: A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a speciall↗2022-05-24

▶

CVEList

SRC Series: A remote attacker sending a specially crafted query may cause the web server to delete files↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31381: A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a speciall↗2021-10-19

▶