Details of VAR-202110-0413

ID

VAR-202110-0413

CVE

CVE-2021-31380

TITLE

Red Hat JBoss Application Server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-1475

DESCRIPTION

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information. Red Hat JBoss Application Server is an open source application server based on Java EE from Red Hat. The product has the characteristics of ultra-fast startup, light weight, modular design, hot deployment and parallel deployment, simple management, domain management, and first-class components

Trust: 1.08

sources: NVD: CVE-2021-31380 // VULHUB: VHN-391128 // VULMON: CVE-2021-31380

AFFECTED PRODUCTS

vendor:	juniper	model:	session and resource control	scope:	lt	version:	4.13.0r3	Trust: 1.0
vendor:	juniper	model:	session and resource control	scope:	lt	version:	4.12.0r5	Trust: 1.0
vendor:	juniper	model:	session and resource control	scope:	gte	version:	4.13.0r1	Trust: 1.0

sources: NVD: CVE-2021-31380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31380
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2021-31380
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202110-1475
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-391128
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-31380
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-31380
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-391128
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2021-31380
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-391128 // VULMON: CVE-2021-31380 // CNNVD: CNNVD-202110-1475 // NVD: CVE-2021-31380 // NVD: CVE-2021-31380

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-16	Trust: 1.0

sources: NVD: CVE-2021-31380

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1475

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1475

PATCH

title:

Red Hat JBoss Application Server Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166463

Trust: 0.6

sources: CNNVD: CNNVD-202110-1475

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31380	Trust: 1.8
db:	JUNIPER	id:	JSA11248	Trust: 1.8
db:	CNNVD	id:	CNNVD-202110-1475	Trust: 0.7
db:	VULHUB	id:	VHN-391128	Trust: 0.1
db:	VULMON	id:	CVE-2021-31380	Trust: 0.1

sources: VULHUB: VHN-391128 // VULMON: CVE-2021-31380 // CNNVD: CNNVD-202110-1475 // NVD: CVE-2021-31380

REFERENCES

url:	https://kb.juniper.net/jsa11248	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31380	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-391128 // VULMON: CVE-2021-31380 // CNNVD: CNNVD-202110-1475 // NVD: CVE-2021-31380

SOURCES

db:	VULHUB	id:	VHN-391128
db:	VULMON	id:	CVE-2021-31380
db:	CNNVD	id:	CNNVD-202110-1475
db:	NVD	id:	CVE-2021-31380

LAST UPDATE DATE

2024-08-14T14:44:15.911000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-391128	date:	2021-10-25T00:00:00
db:	VULMON	id:	CVE-2021-31380	date:	2021-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202110-1475	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-31380	date:	2021-10-25T17:34:12.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-391128	date:	2021-10-19T00:00:00
db:	VULMON	id:	CVE-2021-31380	date:	2021-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202110-1475	date:	2021-10-19T00:00:00
db:	NVD	id:	CVE-2021-31380	date:	2021-10-19T19:15:11.133