SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information
CVE-2021-31380

5.3MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Src Series
Vendor: CVE Published:; 19 October 2021

Badges

👾 Exploit Exists

Summary

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.

Affected Version(s)

SRC Series < 4.12.0R5

SRC Series 4.13.0 < 4.13.0R3

References

https://kb.juniper.net/JSA11248

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 16, 2024
Vulnerability published
Oct 19, 2021
Vulnerability Reserved
Apr 15, 2021