HIGH🇬🇧 English

CVE-2021-0268

CVSS 8.8v3.1pub. 2021-04-22upd. 2024-11-21

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
  • Juniper Junos

    OS
    Juniper
    18.118.218.318.419.119.219.319.420.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSMemory
CWE
Referencje

Powiązane podatności

CVE-2023-36845CRITICAL9.8⚠ KEVten sam produkt

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...

CVE-2024-21591CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root

CVE-2021-0248CRITICAL10.0ten sam produkt

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...

CVE-2021-0254CRITICAL9.8ten sam produkt

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...

CVE-2021-0211CRITICAL10.0ten sam produkt

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...