mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
179 lines
8.2 KiB
JSON
179 lines
8.2 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "sirt@juniper.net",
|
|
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
|
|
"ID": "CVE-2021-0227",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Junos OS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "17.3",
|
|
"version_value": "17.3R3-S9"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "17.4",
|
|
"version_value": "17.4R2-S11, 17.4R3-S2"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "18.2",
|
|
"version_value": "18.2R3-S5"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "18.3",
|
|
"version_value": "18.3R2-S4, 18.3R3-S3"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "18.4",
|
|
"version_value": "18.4R2-S5, 18.4R3-S4"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.1",
|
|
"version_value": "19.1R3-S2"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.2",
|
|
"version_value": "19.2R1-S5, 19.2R3"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.3",
|
|
"version_value": "19.3R3"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.4",
|
|
"version_value": "19.4R2-S1, 19.4R3"
|
|
},
|
|
{
|
|
"platform": "SRX Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.1",
|
|
"version_value": "20.1R1-S2, 20.1R2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Juniper Networks"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"configuration": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The examples of the config stanza affected by this issue:\n\n [system services web-management]\n [system services web-management https]\n [security dynamic-vpn]"
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2;"
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
|
}
|
|
],
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Denial of Service (DoS)"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://kb.juniper.net/JSA11122",
|
|
"name": "https://kb.juniper.net/JSA11122"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n"
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "JSA11122",
|
|
"defect": [
|
|
"1503557"
|
|
],
|
|
"discovery": "INTERNAL"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
|
|
}
|
|
]
|
|
} |