CVE-2021-31380

Published: Oct 19, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: sirt@juniper.net (Secondary)

Description

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.

Affected (2)

Products: Juniper: Session And Resource Control

1 product

Session And Resource Control

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Juniper Session And Resource Control	Before 4.12.0r5
Juniper Session And Resource Control	From 4.13.0r1 to 4.13.0r3

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://kb.juniper.net/JSA11248

Source: sirt@juniper.net

PatchVendor Advisory

https://kb.juniper.net/JSA11248

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.