Details of VAR-202110-1038

ID

VAR-202110-1038

CVE

CVE-2021-31381

TITLE

Red Hat JBoss Application Server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-1477

DESCRIPTION

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. Red Hat JBoss Application Server is an open source application server based on Java EE from Red Hat. The product has the characteristics of ultra-fast startup, light weight, modular design, hot deployment and parallel deployment, simple management, domain management, and first-class components

Trust: 0.99

sources: NVD: CVE-2021-31381 // VULHUB: VHN-391129

AFFECTED PRODUCTS

vendor:	juniper	model:	session and resource control	scope:	lt	version:	4.13.0r3	Trust: 1.0
vendor:	juniper	model:	session and resource control	scope:	lt	version:	4.12.0r5	Trust: 1.0
vendor:	juniper	model:	session and resource control	scope:	gte	version:	4.13.0r1	Trust: 1.0

sources: NVD: CVE-2021-31381

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31381
value:	CRITICAL
Trust: 1.0
sirt@juniper.net:	CVE-2021-31381
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202110-1477
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-391129
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-31381
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-391129
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-31381
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
sirt@juniper.net:	CVE-2021-31381
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-391129 // CNNVD: CNNVD-202110-1477 // NVD: CVE-2021-31381 // NVD: CVE-2021-31381

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-16	Trust: 1.0

sources: NVD: CVE-2021-31381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1477

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1477

PATCH

title:

Red Hat JBoss Application Server Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168093

Trust: 0.6

sources: CNNVD: CNNVD-202110-1477

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31381	Trust: 1.7
db:	JUNIPER	id:	JSA11248	Trust: 1.7
db:	CNNVD	id:	CNNVD-202110-1477	Trust: 0.7
db:	VULHUB	id:	VHN-391129	Trust: 0.1

sources: VULHUB: VHN-391129 // CNNVD: CNNVD-202110-1477 // NVD: CVE-2021-31381

REFERENCES

url:	https://kb.juniper.net/jsa11248	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31381	Trust: 0.6

sources: VULHUB: VHN-391129 // CNNVD: CNNVD-202110-1477 // NVD: CVE-2021-31381

SOURCES

db:	VULHUB	id:	VHN-391129
db:	CNNVD	id:	CNNVD-202110-1477
db:	NVD	id:	CVE-2021-31381

LAST UPDATE DATE

2024-08-14T14:44:15.935000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-391129	date:	2021-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202110-1477	date:	2021-11-02T00:00:00
db:	NVD	id:	CVE-2021-31381	date:	2021-10-26T16:51:22.153

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-391129	date:	2021-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202110-1477	date:	2021-10-19T00:00:00
db:	NVD	id:	CVE-2021-31381	date:	2021-10-19T19:15:11.193