Sign-up

ID

VAR-200803-0353


CVE

CVE-2008-1181


TITLE

Juniper Networks Secure Access 2000 Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2008-004190

DESCRIPTION

Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. Juniper Networks Secure Access 2000 is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks. Secure Access 2000 5.5R1 Build 11711 is vulnerable; other versions may also be affected. The request will display the path in the \"Execution Failed\" error message

Trust: 1.98

sources: NVD: CVE-2008-1181 // JVNDB: JVNDB-2008-004190 // BID: 28037 // VULHUB: VHN-31306

AFFECTED PRODUCTS

vendor:junipermodel:secure access 2000scope:eqversion:5.5

Trust: 1.6

vendor:junipermodel:secure access 2000scope:eqversion:5.5 r1 (build 11711)

Trust: 0.8

vendor:junipermodel:secure access 5.5r1 buildscope:eqversion:200011711

Trust: 0.3

vendor:junipermodel:secure accessscope:eqversion:20000

Trust: 0.3

vendor:junipermodel:secure access 6.0r1scope:neversion:2000

Trust: 0.3

sources: BID: 28037 // JVNDB: JVNDB-2008-004190 // CNNVD: CNNVD-200803-070 // NVD: CVE-2008-1181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1181
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-1181
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200803-070
value: MEDIUM

Trust: 0.6

VULHUB: VHN-31306
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1181
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31306
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-31306 // JVNDB: JVNDB-2008-004190 // CNNVD: CNNVD-200803-070 // NVD: CVE-2008-1181

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-31306 // JVNDB: JVNDB-2008-004190 // NVD: CVE-2008-1181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-070

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200803-070

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-004190

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-31306

PATCH
title:Secure Accessurl:http://www.juniper.net/us/en/products-services/security/sa-series/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-004190

EXTERNAL IDS
db:NVDid:CVE-2008-1181
Trust: 2.8
db:BIDid:28037
Trust: 2.0
db:SREASONid:3719
Trust: 1.7
db:SECTRACKid:1019526
Trust: 1.7
db:JVNDBid:JVNDB-2008-004190
Trust: 0.8
db:CNNVDid:CNNVD-200803-070
Trust: 0.7
db:BUGTRAQid:20080228 PR07-42: WEBROOT DISCLOSURE ON JUNIPER NETWORKS SECURE ACCESS 2000
Trust: 0.6
db:EXPLOIT-DBid:31313
Trust: 0.1
db:SEEBUGid:SSVID-84649
Trust: 0.1
db:VULHUBid:VHN-31306
Trust: 0.1
sources:
            
            
            VULHUB: VHN-31306 // 
            
            
            
            BID: 28037 // 
            
            
            
            JVNDB: JVNDB-2008-004190 // 
            
            
            
            CNNVD: CNNVD-200803-070 // 
            
            
            
            NVD: CVE-2008-1181

REFERENCES
url:http://www.securityfocus.com/bid/28037
Trust: 1.7
url:http://www.securitytracker.com/id?1019526
Trust: 1.7
url:http://securityreason.com/securityalert/3719
Trust: 1.7
url:http://www.securityfocus.com/archive/1/488919/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1181
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1181
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/488919/100/0/threaded
Trust: 0.6
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/products_and_services/ssl_vpn_secure_access/secure_access_2000/
Trust: 0.3
url:/archive/1/488919
Trust: 0.3
url:http://www.procheckup.com/vulnerability_pr07-42.php
Trust: 0.3
sources:
            
            
            VULHUB: VHN-31306 // 
            
            
            
            BID: 28037 // 
            
            
            
            JVNDB: JVNDB-2008-004190 // 
            
            
            
            CNNVD: CNNVD-200803-070 // 
            
            
            
            NVD: CVE-2008-1181

CREDITS
Richard Brain of ProCheckUp Ltd. is credited with discovering this vulnerability.
Trust: 0.3
sources:
            
            
            BID: 28037

SOURCES
db:VULHUBid:VHN-31306
db:BIDid:28037
db:JVNDBid:JVNDB-2008-004190
db:CNNVDid:CNNVD-200803-070
db:NVDid:CVE-2008-1181

LAST UPDATE DATE
2024-11-23T22:36:03.653000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-31306date:2018-10-11T00:00:00
db:BIDid:28037date:2015-05-07T17:32:00
db:JVNDBid:JVNDB-2008-004190date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200803-070date:2008-09-05T00:00:00
db:NVDid:CVE-2008-1181date:2024-11-21T00:43:52.193

SOURCES RELEASE DATE
db:VULHUBid:VHN-31306date:2008-03-06T00:00:00
db:BIDid:28037date:2008-02-28T00:00:00
db:JVNDBid:JVNDB-2008-004190date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200803-070date:2008-03-05T00:00:00
db:NVDid:CVE-2008-1181date:2008-03-06T00:44:00