Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-012
Vulnerability from certfr_avis - Published: 2017-01-12 - Updated: 2017-01-12
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Juniper QFX3500, QFX3600, QFX5100, QFX5200, EX4300 et EX4600 exécutant Junos OS avec des versions antérieures à 4.1X53-D40, 15.1X53-D40, 15.1R2 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 16.1R1 | ||
| Juniper Networks | Junos OS | Tout produit Juniper avec RIP activé et exécutant Junos OS avec des versions antérieures à 12.1X46-D50, 12.1X47-D40, 12.3R13, 12.3X48-D30, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D35, 14.1X55-D35, 14.2R5, 15.1F6, 15.1R3, 15.1X49-D30, 15.1X49-D40, 15.1X53-D35, 16.1R1 | ||
| Juniper Networks | Junos OS | Tout produit Juniper exécutant Junos OS avec des versions antérieures à 12.1X46-D55, 12.1X47-D45, 12.3R13, 12.3X48-D35, 13.3R10, 14.1R8, 14.1X53-D40, 14.1X55-D35, 14.2R6, 15.1R1, 15.1X49-D20 | ||
| Juniper Networks | Junos OS | Tout produit Juniper avec DHCPv6 activé et exécutant Junos OS avec des versions antérieures à 11.4R13-S3, 12.1X46-D60, 12.3R12-S2, 12.3R13, 12.3X48-D40, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D12, 14.1X53-D35, 14.1X55-D35, 14.2R7, 15.1F6, 15.1R3, 15.1X49-D60, 15.1X53-D30, 16.1R1 | ||
| Juniper Networks | Junos OS | Juniper SRX Series Services Gateway chassis cluster avec PIM activé exécutant Junos OS avec des versions antérieures à 12.1X46-D65, 12.3X48-D40, 15.1X49-D60 | ||
| Juniper Networks | N/A | Juniper NSM3000, NSM4000 et NSMExpress sans le correctif de sécurité NSM Appliance Upgrade Package v3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper QFX3500, QFX3600, QFX5100, QFX5200, EX4300 et EX4600 ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 4.1X53-D40, 15.1X53-D40, 15.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 16.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tout produit Juniper avec RIP activ\u00e9 et ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D50, 12.1X47-D40, 12.3R13, 12.3X48-D30, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D35, 14.1X55-D35, 14.2R5, 15.1F6, 15.1R3, 15.1X49-D30, 15.1X49-D40, 15.1X53-D35, 16.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tout produit Juniper ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D55, 12.1X47-D45, 12.3R13, 12.3X48-D35, 13.3R10, 14.1R8, 14.1X53-D40, 14.1X55-D35, 14.2R6, 15.1R1, 15.1X49-D20",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tout produit Juniper avec DHCPv6 activ\u00e9 et ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 11.4R13-S3, 12.1X46-D60, 12.3R12-S2, 12.3R13, 12.3X48-D40, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D12, 14.1X53-D35, 14.1X55-D35, 14.2R7, 15.1F6, 15.1R3, 15.1X49-D60, 15.1X53-D30, 16.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper SRX Series Services Gateway chassis cluster avec PIM activ\u00e9 ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D65, 12.3X48-D40, 15.1X49-D60",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper NSM3000, NSM4000 et NSMExpress sans le correctif de s\u00e9curit\u00e9 NSM Appliance Upgrade Package v3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2310",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2310"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2017-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2304"
},
{
"name": "CVE-2016-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
},
{
"name": "CVE-2015-6563",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
},
{
"name": "CVE-2015-6564",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2017-2308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2308"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-2303",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2303"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2016-1907",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
},
{
"name": "CVE-2015-6565",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2017-2300",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2300"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2017-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2307"
},
{
"name": "CVE-2016-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
},
{
"name": "CVE-2015-8104",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
},
{
"name": "CVE-2016-6515",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
},
{
"name": "CVE-2015-5366",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5366"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2015-5364",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-5573",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5573"
},
{
"name": "CVE-2015-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
},
{
"name": "CVE-2017-2302",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2302"
},
{
"name": "CVE-2017-2306",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2306"
},
{
"name": "CVE-2015-5307",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2017-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2305"
},
{
"name": "CVE-2017-2311",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2311"
},
{
"name": "CVE-2017-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2309"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
}
],
"initial_release_date": "2017-01-12T00:00:00",
"last_revision_date": "2017-01-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10770 du 11 janvier 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10770\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10772 du 11 janvier 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10772\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10773 du 11 janvier 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10773\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10774 du 11 janvier 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10774\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10771 du 11 janvier 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10771\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10769 du 11 janvier 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10769\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10768 du 11 janvier 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10768\u0026cat=SIRT_1\u0026actp=LIST"
}
],
"reference": "CERTFR-2017-AVI-012",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-01-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10771 du 11 janvier 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10774 du 11 janvier 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10769 du 11 janvier 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10773 du 11 janvier 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10772 du 11 janvier 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10770 du 11 janvier 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10768 du 11 janvier 2017",
"url": null
}
]
}
CVE-2016-5573 (GCVE-0-2016-5573)
Vulnerability from cvelistv5 – Published: 2016-10-25 14:00 – Updated: 2024-10-10 18:24
VLAI
EPSS
Summary
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2016/dsa-3707 | vendor-advisoryx_refsource_DEBIAN |
| https://security.netapp.com/advisory/ntap-2016101… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2659.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2136.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2079.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/93628 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-3130-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2137.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2138.html | vendor-advisoryx_refsource_REDHAT |
| https://security.gentoo.org/glsa/201701-43 | vendor-advisoryx_refsource_GENTOO |
| http://rhn.redhat.com/errata/RHSA-2016-2090.html | vendor-advisoryx_refsource_REDHAT |
| https://security.gentoo.org/glsa/201611-04 | vendor-advisoryx_refsource_GENTOO |
| http://rhn.redhat.com/errata/RHSA-2017-0061.html | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:1216 | vendor-advisoryx_refsource_REDHAT |
| http://www.ubuntu.com/usn/USN-3154-1 | vendor-advisoryx_refsource_UBUNTU |
| http://rhn.redhat.com/errata/RHSA-2016-2089.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1037040 | vdb-entryx_refsource_SECTRACK |
| http://rhn.redhat.com/errata/RHSA-2016-2088.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2658.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2016-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:57.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3707",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3707"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
},
{
"name": "RHSA-2016:2659",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
},
{
"name": "RHSA-2016:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
},
{
"name": "RHSA-2016:2079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
},
{
"name": "93628",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93628"
},
{
"name": "USN-3130-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3130-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2137",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
},
{
"name": "RHSA-2016:2138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
},
{
"name": "GLSA-201701-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-43"
},
{
"name": "RHSA-2016:2090",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
},
{
"name": "GLSA-201611-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-04"
},
{
"name": "RHSA-2017:0061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
},
{
"name": "RHSA-2017:1216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "USN-3154-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3154-1"
},
{
"name": "RHSA-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
},
{
"name": "1037040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037040"
},
{
"name": "RHSA-2016:2088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
},
{
"name": "RHSA-2016:2658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-5573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:46:42.904285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:24:38.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "DSA-3707",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3707"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
},
{
"name": "RHSA-2016:2659",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
},
{
"name": "RHSA-2016:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
},
{
"name": "RHSA-2016:2079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
},
{
"name": "93628",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93628"
},
{
"name": "USN-3130-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3130-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2137",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
},
{
"name": "RHSA-2016:2138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
},
{
"name": "GLSA-201701-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-43"
},
{
"name": "RHSA-2016:2090",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
},
{
"name": "GLSA-201611-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-04"
},
{
"name": "RHSA-2017:0061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
},
{
"name": "RHSA-2017:1216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "USN-3154-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3154-1"
},
{
"name": "RHSA-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
},
{
"name": "1037040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037040"
},
{
"name": "RHSA-2016:2088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
},
{
"name": "RHSA-2016:2658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3707",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3707"
},
{
"name": "https://security.netapp.com/advisory/ntap-20161019-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
},
{
"name": "RHSA-2016:2659",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
},
{
"name": "RHSA-2016:2136",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
},
{
"name": "RHSA-2016:2079",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
},
{
"name": "93628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93628"
},
{
"name": "USN-3130-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3130-1"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2137",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
},
{
"name": "RHSA-2016:2138",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
},
{
"name": "GLSA-201701-43",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-43"
},
{
"name": "RHSA-2016:2090",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
},
{
"name": "GLSA-201611-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-04"
},
{
"name": "RHSA-2017:0061",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
},
{
"name": "RHSA-2017:1216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "USN-3154-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3154-1"
},
{
"name": "RHSA-2016:2089",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
},
{
"name": "1037040",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037040"
},
{
"name": "RHSA-2016:2088",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
},
{
"name": "RHSA-2016:2658",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-5573",
"datePublished": "2016-10-25T14:00:00.000Z",
"dateReserved": "2016-06-16T00:00:00.000Z",
"dateUpdated": "2024-10-10T18:24:38.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6515 (GCVE-0-2016-6515)
Vulnerability from cvelistv5 – Published: 2016-08-07 00:00 – Updated: 2024-08-06 01:29
VLAI
EPSS
Summary
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | |
| https://security.netapp.com/advisory/ntap-2017113… | |
| https://github.com/openssh/openssh-portable/commi… | |
| http://packetstormsecurity.com/files/140070/OpenS… | |
| https://www.exploit-db.com/exploits/40888/ | exploit |
| http://www.securityfocus.com/bid/92212 | vdb-entry |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.securitytracker.com/id/1036487 | vdb-entry |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2017:2029 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-list |
| http://openwall.com/lists/oss-security/2016/08/01/2 | mailing-list |
| https://cert-portal.siemens.com/productcert/pdf/s… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public
2016-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:20.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03779en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
},
{
"name": "40888",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40888/"
},
{
"name": "92212",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92212"
},
{
"name": "FreeBSD-SA-17:06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1036487",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036487"
},
{
"name": "FEDORA-2016-4a3debc3a6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2016/08/01/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03779en_us"
},
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
},
{
"url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
},
{
"name": "40888",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40888/"
},
{
"name": "92212",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/92212"
},
{
"name": "FreeBSD-SA-17:06",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1036487",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036487"
},
{
"name": "FEDORA-2016-4a3debc3a6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2016/08/01/2"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6515",
"datePublished": "2016-08-07T00:00:00.000Z",
"dateReserved": "2016-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:29:20.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6662 (GCVE-0-2016-6662)
Vulnerability from cvelistv5 – Published: 2016-09-20 18:00 – Updated: 2024-08-06 01:36
VLAI
EPSS
Summary
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
| URL | Tags |
|---|---|
| https://mariadb.com/kb/en/mariadb/mariadb-10027-r… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2749.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2017-0184.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2131.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2060.html | vendor-advisoryx_refsource_REDHAT |
| https://mariadb.com/kb/en/mariadb/mariadb-10117-r… | x_refsource_CONFIRM |
| https://mariadb.com/kb/en/mariadb/mariadb-5551-re… | x_refsource_CONFIRM |
| https://jira.mariadb.org/browse/MDEV-10465 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92912 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2016/Sep/23 | mailing-listx_refsource_FULLDISC |
| https://security.gentoo.org/glsa/201701-01 | vendor-advisoryx_refsource_GENTOO |
| http://www.debian.org/security/2016/dsa-3666 | vendor-advisoryx_refsource_DEBIAN |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2130.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2077.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2927.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2059.html | vendor-advisoryx_refsource_REDHAT |
| http://legalhackers.com/advisories/MySQL-Exploit-… | x_refsource_MISC |
| https://www.percona.com/blog/2016/09/12/percona-s… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2062.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2595.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1036769 | vdb-entryx_refsource_SECTRACK |
| http://rhn.redhat.com/errata/RHSA-2016-2061.html | vendor-advisoryx_refsource_REDHAT |
| http://www.openwall.com/lists/oss-security/2016/09/12/3 | mailing-listx_refsource_MLIST |
| https://www.exploit-db.com/exploits/40360/ | exploitx_refsource_EXPLOIT-DB |
| http://rhn.redhat.com/errata/RHSA-2016-2928.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2058.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2016-09-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"
},
{
"name": "RHSA-2016:2749",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"
},
{
"name": "RHSA-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0184.html"
},
{
"name": "RHSA-2016:2131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2131.html"
},
{
"name": "RHSA-2016:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.mariadb.org/browse/MDEV-10465"
},
{
"name": "92912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92912"
},
{
"name": "20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Sep/23"
},
{
"name": "GLSA-201701-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-01"
},
{
"name": "DSA-3666",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"
},
{
"name": "RHSA-2016:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2077.html"
},
{
"name": "RHSA-2016:2927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html"
},
{
"name": "RHSA-2016:2059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2059.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"
},
{
"name": "RHSA-2016:2062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2062.html"
},
{
"name": "RHSA-2016:2595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2595.html"
},
{
"name": "1036769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036769"
},
{
"name": "RHSA-2016:2061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2061.html"
},
{
"name": "[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/12/3"
},
{
"name": "40360",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40360/"
},
{
"name": "RHSA-2016:2928",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html"
},
{
"name": "RHSA-2016:2058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2058.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle\u0027s October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"
},
{
"name": "RHSA-2016:2749",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"
},
{
"name": "RHSA-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0184.html"
},
{
"name": "RHSA-2016:2131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2131.html"
},
{
"name": "RHSA-2016:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.mariadb.org/browse/MDEV-10465"
},
{
"name": "92912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92912"
},
{
"name": "20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Sep/23"
},
{
"name": "GLSA-201701-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-01"
},
{
"name": "DSA-3666",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"
},
{
"name": "RHSA-2016:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2077.html"
},
{
"name": "RHSA-2016:2927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html"
},
{
"name": "RHSA-2016:2059",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2059.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"
},
{
"name": "RHSA-2016:2062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2062.html"
},
{
"name": "RHSA-2016:2595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2595.html"
},
{
"name": "1036769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036769"
},
{
"name": "RHSA-2016:2061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2061.html"
},
{
"name": "[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/12/3"
},
{
"name": "40360",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40360/"
},
{
"name": "RHSA-2016:2928",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html"
},
{
"name": "RHSA-2016:2058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2058.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle\u0027s October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/",
"refsource": "CONFIRM",
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/"
},
{
"name": "RHSA-2016:2749",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2749.html"
},
{
"name": "RHSA-2017:0184",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0184.html"
},
{
"name": "RHSA-2016:2131",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2131.html"
},
{
"name": "RHSA-2016:2060",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2060.html"
},
{
"name": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/",
"refsource": "CONFIRM",
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/"
},
{
"name": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/",
"refsource": "CONFIRM",
"url": "https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/"
},
{
"name": "https://jira.mariadb.org/browse/MDEV-10465",
"refsource": "CONFIRM",
"url": "https://jira.mariadb.org/browse/MDEV-10465"
},
{
"name": "92912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92912"
},
{
"name": "20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Sep/23"
},
{
"name": "GLSA-201701-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-01"
},
{
"name": "DSA-3666",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3666"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2130.html"
},
{
"name": "RHSA-2016:2077",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2077.html"
},
{
"name": "RHSA-2016:2927",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2927.html"
},
{
"name": "RHSA-2016:2059",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2059.html"
},
{
"name": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html",
"refsource": "MISC",
"url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html"
},
{
"name": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/",
"refsource": "CONFIRM",
"url": "https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/"
},
{
"name": "RHSA-2016:2062",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2062.html"
},
{
"name": "RHSA-2016:2595",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2595.html"
},
{
"name": "1036769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036769"
},
{
"name": "RHSA-2016:2061",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2061.html"
},
{
"name": "[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/12/3"
},
{
"name": "40360",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40360/"
},
{
"name": "RHSA-2016:2928",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2928.html"
},
{
"name": "RHSA-2016:2058",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2058.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6662",
"datePublished": "2016-09-20T18:00:00.000Z",
"dateReserved": "2016-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:36:29.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2300 (GCVE-0-2017-2300)
Vulnerability from cvelistv5 – Published: 2017-05-30 14:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
Summary
On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets.
Severity
No CVSS data available.
CWE
- flowd daemon crash denial of service vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10768 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95400 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037597 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS on SRX Series Services Gateways chassis cluster |
Affected:
12.1X46 prior to 12.1X46-D65
Affected: 12.3X48 prior to 12.3X48-D40 Affected: 12.3X48 prior to 12.3X48-D60 |
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10768"
},
{
"name": "95400",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95400"
},
{
"name": "1037597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS on SRX Series Services Gateways chassis cluster",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "12.1X46 prior to 12.1X46-D65"
},
{
"status": "affected",
"version": "12.3X48 prior to 12.3X48-D40"
},
{
"status": "affected",
"version": "12.3X48 prior to 12.3X48-D60"
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "flowd daemon crash denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10768"
},
{
"name": "95400",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95400"
},
{
"name": "1037597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS on SRX Series Services Gateways chassis cluster",
"version": {
"version_data": [
{
"version_value": "12.1X46 prior to 12.1X46-D65"
},
{
"version_value": "12.3X48 prior to 12.3X48-D40"
},
{
"version_value": "12.3X48 prior to 12.3X48-D60"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "flowd daemon crash denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10768",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10768"
},
{
"name": "95400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95400"
},
{
"name": "1037597",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2300",
"datePublished": "2017-05-30T14:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2302 (GCVE-0-2017-2302)
Vulnerability from cvelistv5 – Published: 2017-05-30 14:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
Summary
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition.
Severity
No CVSS data available.
CWE
- rpd daemon crash denial of service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10771 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037595 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/95394 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options |
Affected:
12.1X46 prior to 12.1X46-D55
Affected: 12.1X47 prior to 12.1X47-D45 Affected: 12.3R13 prior to 12.3R13 Affected: 12.3X48 prior to 12.3X48-D35 Affected: 13.3 prior to 13.3R10 Affected: 14.1 prior to 14.1R8 Affected: 14.1X53 prior to 14.1X53-D40 Affected: 14.1X55 prior to 14.1X55-D35 Affected: 14.2 prior to 14.2R6 Affected: 15.1 prior to 15.1F2 or 15.1R1 Affected: 15.1X49 prior to 15.1X49-D20 Affected: 16.1 and subsequent releases contain a fix |
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10771"
},
{
"name": "1037595",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037595"
},
{
"name": "95394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS where the BGP add-path feature is enabled with \u0027send\u0027 option or with both \u0027send\u0027 and \u0027receive\u0027 options",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "12.1X46 prior to 12.1X46-D55"
},
{
"status": "affected",
"version": "12.1X47 prior to 12.1X47-D45"
},
{
"status": "affected",
"version": "12.3R13 prior to 12.3R13"
},
{
"status": "affected",
"version": "12.3X48 prior to 12.3X48-D35"
},
{
"status": "affected",
"version": "13.3 prior to 13.3R10"
},
{
"status": "affected",
"version": "14.1 prior to 14.1R8"
},
{
"status": "affected",
"version": "14.1X53 prior to 14.1X53-D40"
},
{
"status": "affected",
"version": "14.1X55 prior to 14.1X55-D35"
},
{
"status": "affected",
"version": "14.2 prior to 14.2R6"
},
{
"status": "affected",
"version": "15.1 prior to 15.1F2 or 15.1R1"
},
{
"status": "affected",
"version": "15.1X49 prior to 15.1X49-D20"
},
{
"status": "affected",
"version": "16.1 and subsequent releases contain a fix"
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with \u0027send\u0027 option or with both \u0027send\u0027 and \u0027receive\u0027 options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "rpd daemon crash denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10771"
},
{
"name": "1037595",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037595"
},
{
"name": "95394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95394"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS where the BGP add-path feature is enabled with \u0027send\u0027 option or with both \u0027send\u0027 and \u0027receive\u0027 options",
"version": {
"version_data": [
{
"version_value": "12.1X46 prior to 12.1X46-D55"
},
{
"version_value": "12.1X47 prior to 12.1X47-D45"
},
{
"version_value": "12.3R13 prior to 12.3R13"
},
{
"version_value": "12.3X48 prior to 12.3X48-D35"
},
{
"version_value": "13.3 prior to 13.3R10"
},
{
"version_value": "14.1 prior to 14.1R8"
},
{
"version_value": "14.1X53 prior to 14.1X53-D40"
},
{
"version_value": "14.1X55 prior to 14.1X55-D35"
},
{
"version_value": "14.2 prior to 14.2R6"
},
{
"version_value": "15.1 prior to 15.1F2 or 15.1R1"
},
{
"version_value": "15.1X49 prior to 15.1X49-D20"
},
{
"version_value": "16.1 and subsequent releases contain a fix"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with \u0027send\u0027 option or with both \u0027send\u0027 and \u0027receive\u0027 options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "rpd daemon crash denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10771",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10771"
},
{
"name": "1037595",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037595"
},
{
"name": "95394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95394"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2302",
"datePublished": "2017-05-30T14:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2303 (GCVE-0-2017-2303)
Vulnerability from cvelistv5 – Published: 2017-05-30 14:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
Summary
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition.
Severity
No CVSS data available.
CWE
- RPD daemon to crash denial of service
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95408 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037594 | vdb-entryx_refsource_SECTRACK |
| https://kb.juniper.net/JSA10772 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS where RIP is enabled |
Affected:
12.1X46 prior to 12.1X46-D50
Affected: 12.1X47 prior to 12.1X47-D40 Affected: 12.3 prior to 12.3R13 Affected: 12.3X48 prior to 12.3X48-D30 Affected: 13.2X51 prior to 13.2X51-D40 Affected: 13.3 prior to 13.3R10 Affected: 14.1 prior to 14.1R8 Affected: 14.1X53 prior to 14.1X53-D35 Affected: 14.1X55 prior to 14.1X55-D35 Affected: 14.2 prior to 14.2R5 Affected: 15.1 prior to 15.1F6 or 15.1R3 Affected: 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, Affected: 15.1X53 prior to 15.1X53-D35 Affected: 16.1R1 and all subsequent releases have fix. |
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95408",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95408"
},
{
"name": "1037594",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037594"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS where RIP is enabled",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "12.1X46 prior to 12.1X46-D50"
},
{
"status": "affected",
"version": "12.1X47 prior to 12.1X47-D40"
},
{
"status": "affected",
"version": "12.3 prior to 12.3R13"
},
{
"status": "affected",
"version": "12.3X48 prior to 12.3X48-D30"
},
{
"status": "affected",
"version": "13.2X51 prior to 13.2X51-D40"
},
{
"status": "affected",
"version": "13.3 prior to 13.3R10"
},
{
"status": "affected",
"version": "14.1 prior to 14.1R8"
},
{
"status": "affected",
"version": "14.1X53 prior to 14.1X53-D35"
},
{
"status": "affected",
"version": "14.1X55 prior to 14.1X55-D35"
},
{
"status": "affected",
"version": "14.2 prior to 14.2R5"
},
{
"status": "affected",
"version": "15.1 prior to 15.1F6 or 15.1R3"
},
{
"status": "affected",
"version": "15.1X49 prior to 15.1X49-D30 or 15.1X49-D40,"
},
{
"status": "affected",
"version": "15.1X53 prior to 15.1X53-D35"
},
{
"status": "affected",
"version": "16.1R1 and all subsequent releases have fix."
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RPD daemon to crash denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"name": "95408",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95408"
},
{
"name": "1037594",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037594"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS where RIP is enabled",
"version": {
"version_data": [
{
"version_value": "12.1X46 prior to 12.1X46-D50"
},
{
"version_value": "12.1X47 prior to 12.1X47-D40"
},
{
"version_value": "12.3 prior to 12.3R13"
},
{
"version_value": "12.3X48 prior to 12.3X48-D30"
},
{
"version_value": "13.2X51 prior to 13.2X51-D40"
},
{
"version_value": "13.3 prior to 13.3R10"
},
{
"version_value": "14.1 prior to 14.1R8"
},
{
"version_value": "14.1X53 prior to 14.1X53-D35"
},
{
"version_value": "14.1X55 prior to 14.1X55-D35"
},
{
"version_value": "14.2 prior to 14.2R5"
},
{
"version_value": "15.1 prior to 15.1F6 or 15.1R3"
},
{
"version_value": "15.1X49 prior to 15.1X49-D30 or 15.1X49-D40,"
},
{
"version_value": "15.1X53 prior to 15.1X53-D35"
},
{
"version_value": "16.1R1 and all subsequent releases have fix."
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RPD daemon to crash denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95408"
},
{
"name": "1037594",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037594"
},
{
"name": "https://kb.juniper.net/JSA10772",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2303",
"datePublished": "2017-05-30T14:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2304 (GCVE-0-2017-2304)
Vulnerability from cvelistv5 – Published: 2017-05-30 14:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
Summary
Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'
Severity
No CVSS data available.
CWE
- information leak
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1037593 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/95403 | vdb-entryx_refsource_BID |
| https://kb.juniper.net/JSA10773 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices |
Affected:
14.1X53 prior to 14.1X53-D40
Affected: 15.1X53 prior to 15.1X53-D40 Affected: 15.1 prior to 15.1R2 |
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037593",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037593"
},
{
"name": "95403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "14.1X53 prior to 14.1X53-D40"
},
{
"status": "affected",
"version": "15.1X53 prior to 15.1X53-D40"
},
{
"status": "affected",
"version": "15.1 prior to 15.1R2"
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"name": "1037593",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037593"
},
{
"name": "95403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10773"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
"version": {
"version_data": [
{
"version_value": "14.1X53 prior to 14.1X53-D40"
},
{
"version_value": "15.1X53 prior to 15.1X53-D40"
},
{
"version_value": "15.1 prior to 15.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037593",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037593"
},
{
"name": "95403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95403"
},
{
"name": "https://kb.juniper.net/JSA10773",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10773"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2304",
"datePublished": "2017-05-30T14:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2305 (GCVE-0-2017-2305)
Vulnerability from cvelistv5 – Published: 2017-05-30 14:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
Summary
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
Severity
No CVSS data available.
CWE
- insufficient authorization check
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98759 | vdb-entryx_refsource_BID |
| https://kb.juniper.net/JSA10770 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
versions prior to 16.1R1
|
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98759",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98759"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "versions prior to 16.1R1"
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient authorization check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-01T09:57:01.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"name": "98759",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98759"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_value": "versions prior to 16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient authorization check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98759"
},
{
"name": "https://kb.juniper.net/JSA10770",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2305",
"datePublished": "2017-05-30T14:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2306 (GCVE-0-2017-2306)
Vulnerability from cvelistv5 – Published: 2017-05-30 14:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
Summary
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
Severity
No CVSS data available.
CWE
- insufficient authorization check leading to code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10770 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/98772 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
versions prior to 16.1R1
|
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10770"
},
{
"name": "98772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "versions prior to 16.1R1"
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient authorization check leading to code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T09:57:01.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10770"
},
{
"name": "98772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_value": "versions prior to 16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient authorization check leading to code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10770",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10770"
},
{
"name": "98772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2306",
"datePublished": "2017-05-30T14:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2307 (GCVE-0-2017-2307)
Vulnerability from cvelistv5 – Published: 2017-05-30 14:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
Summary
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.
Severity
No CVSS data available.
CWE
- reflected cross site scripting vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98749 | vdb-entryx_refsource_BID |
| https://kb.juniper.net/JSA10770 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
versions prior to 16.1R1
|
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98749",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "versions prior to 16.1R1"
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected cross site scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-31T09:57:01.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"name": "98749",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_value": "versions prior to 16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected cross site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98749"
},
{
"name": "https://kb.juniper.net/JSA10770",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2307",
"datePublished": "2017-05-30T14:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…