Vulnerability-Lookup

CVE-2011-1473 (GCVE-0-2011-1473)

Vulnerability from cvelistv5 – Published: 2012-06-16 21:00 – Updated: 2024-08-06 22:28 Disputed

Summary

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://vincent.bernat.im/en/blog/2011-ssl-dos-mit…	x_refsource_MISC
	http://www.ietf.org/mail-archive/web/tls/current/…	mailing-listx_refsource_MLIST
	http://www.ietf.org/mail-archive/web/tls/current/…	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=707065	x_refsource_MISC
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://www.educatedguesswork.org/2011/10/ssltls_a…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2011/07/08/2	mailing-listx_refsource_MLIST
	http://marc.info/?l=bugtraq&m=133951357207000&w=2	vendor-advisoryx_refsource_HP
	http://www.ietf.org/mail-archive/web/tls/current/…	mailing-listx_refsource_MLIST
	http://orchilles.com/2011/03/ssl-renegotiation-dos.html	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=133951357207000&w=2	vendor-advisoryx_refsource_HP
	http://www.ietf.org/mail-archive/web/tls/current/…	mailing-listx_refsource_MLIST
	http://www.ietf.org/mail-archive/web/tls/current/…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/142b93d261e8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/6121becfdd23…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/8be38d356544…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r1e33410bb5c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r298a09a2b98…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r77fe5758932…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r5e595b91f00…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r3822ad69442…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r8680f41bcda…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ra95c355827b…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r13a07a09f98…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf9e8ae0356a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc98eaa3f822…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
          },
          {
            "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
          },
          {
            "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
          },
          {
            "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
          },
          {
            "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "[tls] 20110315 SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
          },
          {
            "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
          },
          {
            "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-20T15:06:19.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
        },
        {
          "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
        },
        {
          "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
        },
        {
          "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
        },
        {
          "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "[tls] 20110315 SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
        },
        {
          "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
        },
        {
          "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1473",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
              "refsource": "MISC",
              "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
            },
            {
              "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
            },
            {
              "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
            },
            {
              "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
            },
            {
              "name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
              "refsource": "MISC",
              "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
            },
            {
              "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
            },
            {
              "name": "SSRT100852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
            },
            {
              "name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
              "refsource": "MISC",
              "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
            },
            {
              "name": "HPSBMU02776",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "[tls] 20110315 SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
            },
            {
              "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
              "refsource": "MLIST",
              "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
            },
            {
              "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d@%3Ccommits.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557@%3Cdev.rocketmq.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1473",
    "datePublished": "2012-06-16T21:00:00.000Z",
    "dateReserved": "2011-03-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:28:41.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-316

Vulnerability from certfr_avis - Published: 2012-06-12 - Updated: 2012-06-12

Onze vulnérabilités ont été corrigées dans HP Onboard Administrator. L'exploitation de ces vulnérabilités peut mener à divers accès non autorisés à des données distantes et à des dénis de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à HP Onboard Adminitrator v3.56.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP du 07 juin 2012	None	vendor-advisory
Bulletin de sécurité HP c03315912 du 07 juin 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 HP Onboard Adminitrator v3.56.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2011-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2012-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
    },
    {
      "name": "CVE-2011-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2691"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    }
  ],
  "initial_release_date": "2012-06-12T00:00:00",
  "last_revision_date": "2012-06-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03315912 du 07 juin 2012 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03315912"
    }
  ],
  "reference": "CERTA-2012-AVI-316",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Onze vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eHP\nOnboard Administrator\u003c/span\u003e. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut\nmener \u00e0 divers acc\u00e8s non autoris\u00e9s \u00e0 des donn\u00e9es distantes et \u00e0 des\nd\u00e9nis de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Onboard Administrator",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP du 07 juin 2012",
      "url": null
    }
  ]
}

CERTFR-2025-AVI-0304

Vulnerability from certfr_avis - Published: 2025-04-10 - Updated: 2025-04-10

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions 21.4.x de Junos OS pour SRX Series ne bénéficient pas de correctif pour la vulnérabilité CVE-2025-30659.

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 21.4.x antérieures à 21.4R3-S10
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S6-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S4-EVO
Juniper Networks	Junos OS	Junos OS versions 22.2.x antérieures à 22.2R3-S6
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 21.4R3-S10-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R2-EVO
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R3
Juniper Networks	Junos Space	Junos Space Security Director versions antérieures à 24.1R3
Juniper Networks	Junos OS	Junos OS versions 23.4.x antérieures à 23.4R2-S4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S6-EVO
Juniper Networks	CTPView	CTPView versions antérieures à 9.2R1
Juniper Networks	Junos OS	Junos OS versions 22.4.x antérieures à 22.4R3-S6
Juniper Networks	Junos OS	Junos OS versions 23.2.x antérieures à 23.2R2-S3
Juniper Networks	Junos OS	Junos OS versions 24.2.x antérieures à 24.2R2
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S9

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA96456	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96447	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96467	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96461	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96446	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96451	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96470	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96458	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96462	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96457	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96466	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96463	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96459	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96450	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96464	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96453	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96465	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96444	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96469	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96448	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96471	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96449	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96455	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96452	2025-04-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10 ",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions ant\u00e9rieures \u00e0 9.2R1",
      "product": {
        "name": "CTPView",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 21.4.x de Junos OS pour SRX Series ne b\u00e9n\u00e9ficient pas de correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-30659.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
    },
    {
      "name": "CVE-2024-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-27820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
    },
    {
      "name": "CVE-2024-42284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2025-21597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21597"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2025-30658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30658"
    },
    {
      "name": "CVE-2024-40866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40866"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2024-26993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2024-40898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40898"
    },
    {
      "name": "CVE-2024-26852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
    },
    {
      "name": "CVE-2011-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
    },
    {
      "name": "CVE-2025-30657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30657"
    },
    {
      "name": "CVE-2025-30660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30660"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2024-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
    },
    {
      "name": "CVE-2024-44187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44187"
    },
    {
      "name": "CVE-2025-21601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21601"
    },
    {
      "name": "CVE-2024-32021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
    },
    {
      "name": "CVE-2024-40725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40725"
    },
    {
      "name": "CVE-2019-7611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7611"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2025-21591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21591"
    },
    {
      "name": "CVE-2025-30649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30649"
    },
    {
      "name": "CVE-2025-30652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30652"
    },
    {
      "name": "CVE-2024-40789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2025-30651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30651"
    },
    {
      "name": "CVE-2024-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
    },
    {
      "name": "CVE-2024-39884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39884"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2024-32020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-27838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27838"
    },
    {
      "name": "CVE-2024-23271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23271"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2025-30647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30647"
    },
    {
      "name": "CVE-2024-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2025-30654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30654"
    },
    {
      "name": "CVE-2025-30655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30655"
    },
    {
      "name": "CVE-2024-40782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
    },
    {
      "name": "CVE-2024-26735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2021-47596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47596"
    },
    {
      "name": "CVE-2025-30659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30659"
    },
    {
      "name": "CVE-2025-30653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30653"
    },
    {
      "name": "CVE-2025-30645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30645"
    },
    {
      "name": "CVE-2020-7021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7021"
    },
    {
      "name": "CVE-2021-22135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22135"
    },
    {
      "name": "CVE-2025-30646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30646"
    },
    {
      "name": "CVE-2024-27851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
    },
    {
      "name": "CVE-2025-30644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30644"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2025-30656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30656"
    },
    {
      "name": "CVE-2022-39253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
    },
    {
      "name": "CVE-2021-22144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22144"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2025-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21595"
    },
    {
      "name": "CVE-2025-30648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30648"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2021-22137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22137"
    },
    {
      "name": "CVE-2024-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2025-21594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21594"
    },
    {
      "name": "CVE-2020-7020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7020"
    }
  ],
  "initial_release_date": "2025-04-10T00:00:00",
  "last_revision_date": "2025-04-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0304",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96456",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-malformed-LLDP-TLV-results-in-l2cpd-crash-CVE-2025-30646"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96447",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96467",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96461",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-ICMPv6-packet-causes-a-memory-overrun-leading-to-an-rpd-crash-CVE-2025-30651"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96446",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96451",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-rib-sharding-and-update-threading-are-configured-and-a-peer-flaps-an-rpd-core-is-observed"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96470",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-A-device-configured-for-vector-routing-crashes-when-receiving-specific-traffic-CVE-2025-30659?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96458",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-DHCP-packet-causes-jdhcpd-process-to-crash-CVE-2025-30648"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96462",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-CLI-command-when-asregex-optimized-is-configured-causes-an-RPD-crash-CVE-2025-30652"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96457",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Subscriber-login-logout-activity-will-lead-to-a-memory-leak-CVE-2025-30647"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96466",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-SRX-Series-Processing-of-specific-SIP-INVITE-messages-by-the-SIP-ALG-will-lead-to-an-FPC-crash-CVE-2025-30656?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96463",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-LSP-flap-in-a-specific-MPLS-LSP-scenario-leads-to-RPD-crash-CVE-2025-30653"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96459",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX240-MX480-MX960-with-SPC3-An-attacker-sending-specific-packets-will-cause-a-CPU-utilization-DoS-CVE-2025-30649"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96450",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-VXLAN-scenario-specific-ARP-or-NDP-packets-cause-FPC-to-crash-CVE-2025-21595"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96464",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-low-privileged-user-can-access-sensitive-information-CVE-2025-30654"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96453",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-EX2300-EX3400-EX4000-Series-QFX5k-Series-Receipt-of-a-specific-DHCP-packet-causes-FPC-crash-when-DHCP-Option-82-is-enabled-CVE-2025-30644"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96465",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-CLI-command-will-cause-a-RPD-crash-when-rib-sharding-and-update-threading-is-enabled-CVE-2025-30655?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96444",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-CTP-View-Multiple-Vulnerabilities-resolved-in-9-2R1-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96469",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-On-devices-with-Anti-Virus-enabled-malicious-server-responses-will-cause-memory-to-leak-ultimately-causing-forwarding-to-stop-CVE-2025-30658?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96448",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96471",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Decapsulation-of-specific-GRE-packets-leads-to-PFE-reset-CVE-2025-30660?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96449",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96455",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96452",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-and-EX-Series-MX240-MX480-MX960-QFX5120-Series-When-web-management-is-enabled-for-specific-services-an-attacker-may-cause-a-CPU-spike-by-sending-genuine-packets-to-the-device-CVE-2025-21601"
    }
  ]
}

CERTA-2013-AVI-508

Vulnerability from certfr_avis - Published: 2013-09-10 - Updated: 2013-09-10

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos Space	Juniper Junos Space Appliance JA1500
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.3
Juniper Networks	N/A	Juniper NSM version 2011.4
Juniper Networks	N/A	Juniper NSM version 2012.1
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.1
Juniper Networks	N/A	Juniper STRM version 2010.0
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.2
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.3r2
Juniper Networks	N/A	Juniper NSM version 2010.3
Juniper Networks	N/A	Juniper STRM version 2012.0
Juniper Networks	N/A	Juniper JunosE Operating System
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.1
Juniper Networks	N/A	Juniper NSM version 2012.2
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.1r13
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.2r7
Juniper Networks	N/A	Juniper STRM version 2012.1
Juniper Networks	N/A	Juniper Junos Operating System
Juniper Networks	N/A	Juniper ScreenOS
Juniper Networks	N/A	Juniper STRM version 2013.1
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.3
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10586 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10554 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10584 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10582 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10585 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10583 du 20 août 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Space Appliance JA1500",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2011.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2012.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2010.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.2",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.3r2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2010.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2012.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper JunosE Operating System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2012.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.1r13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.2r7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2012.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Operating System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2013.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.2",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5460"
    },
    {
      "name": "CVE-2013-5097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5097"
    },
    {
      "name": "CVE-2013-2970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2970"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2013-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0149"
    },
    {
      "name": "CVE-2013-5095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5095"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2013-5096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5096"
    }
  ],
  "initial_release_date": "2013-09-10T00:00:00",
  "last_revision_date": "2013-09-10T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-508",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10586 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10586\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10554 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10554\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10584 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10584\u0026cat=SIRT_1\u0026actp=LIST\u0026showDraft=false"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10582 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10582\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10585 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10585\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10583 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10583\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2013-AVI-542

Vulnerability from certfr_avis - Published: 2013-09-25 - Updated: 2013-09-25

De multiples vulnérabilités ont été corrigées dans Blue Coat. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Blue Coat SGOS 6
N/A	N/A	Blue Coat ProxySG
N/A	N/A	Blue Coat SGOS 5

References

Title

Publication Time

Tags

Bulletin de sécurité Blue Coat SA75 du 23 septembre 2013	None	vendor-advisory
Bulletin de sécurité Blue Coat SA74 du 23 septembre 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Blue Coat SGOS 6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Blue Coat ProxySG",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Blue Coat SGOS 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    }
  ],
  "initial_release_date": "2013-09-25T00:00:00",
  "last_revision_date": "2013-09-25T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-542",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eBlue Coat\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Blue Coat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA75 du 23 septembre 2013",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA75"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA74 du 23 septembre 2013",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA74"
    }
  ]
}

CERTFR-2024-AVI-0575

Vulnerability from certfr_avis - Published: 2024-07-12 - Updated: 2024-10-15

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Junos OS versions 23.4 antérieures à 23.4R2
Juniper Networks	N/A	Junos OS Evolved versions 21.4-EVO antérieures à 21.4R2-EVO
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antérieures à 22.4R3
Juniper Networks	N/A	Junos OS on MX Series versions 22.2 antérieures à 22.2R3-S3
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 22.1-EVO antérieures à 22.1R3-S6-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 22.4 antérieures à 22.4R3-S2
Juniper Networks	N/A	Junos OS versions 23.2 antérieures à 23.2R2-S1
Juniper Networks	N/A	Session Smart Router versions 6.2 antérieures à SSR-6.2.5-r2
Juniper Networks	N/A	Junos OS on MX Series versions 22.1 antérieures à 22.1R3-S5
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 22.4-EVO antérieures à 22.4R3-S2-EVO
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 23.2-EVO antérieures à 23.2R2-EVO
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antérieures à 21.4R3-S7
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 21.2 antérieures à 21.2R3-S8
Juniper Networks	N/A	Junos OS versions 22.1 antérieures à 22.1R3-S6
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R3
Juniper Networks	N/A	Junos OS Evolved versions 21.3-EVO antérieures à 21.3R3-S5-EVO
Juniper Networks	N/A	Junos OS Evolved versions 21.2-EVO antérieures à 21.2R3-S7-EVO
Juniper Networks	N/A	Junos OS versions antérieures à 20.4R3-S9
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R2-EVO
Juniper Networks	N/A	Junos OS versions 22.4 antérieures à 22.4R2-S2
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 22.2 antérieures à 22.2R3-S4
Juniper Networks	N/A	Junos OS on MX Series versions 21.4 antérieures à 21.4R3-S6
Juniper Networks	N/A	Junos OS on MX Series versions 22.4 antérieures à 22.4R3
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antérieures à 22.3R3-S2
Juniper Networks	N/A	Session Smart Router versions 6.1 antérieures à SSR-6.1.8-lts
Juniper Networks	N/A	Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-EVO
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antérieures à 20.4R3-S10
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R3
Juniper Networks	N/A	Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-EVO
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antérieures à 22.4R3
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antérieures à 22.2R3-S1
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antérieures à 21.3R3-S5
Juniper Networks	N/A	Junos OS on MX Series versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 22.3 antérieures à 22.3R3-S2
Juniper Networks	N/A	Junos OS versions 21.4 antérieures à 21.4R2
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 22.2 antérieures à 22.2R3-S3
Juniper Networks	N/A	Junos OS versions 23.4 antérieures à 23.4R1-S2
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antérieures à 22.2R3-S2
Juniper Networks	N/A	Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 23.2R1-EVO
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 21.4R3-S8-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 22.1 antérieures à 22.1R3-S6
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antérieures à 21.2R3-S6
Juniper Networks	N/A	Junos OS on MX Series versions antérieures à 21.2R3-S6
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antérieures à 22.2R3-S3
Juniper Networks	N/A	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R1-S1-EVO
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS versions antérieures à 21.4R3-S8
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 22.4R3-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R1-S1
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions antérieures à 21.2R3-S7
Juniper Networks	N/A	Session Smart Router versions antérieures à SSR-5.6.14
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 21.2R3-S8-EVO
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antérieures à 21.2R3-S8
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antérieures à 22.1R3-S2
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antérieures à 22.3R3-S1
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions antérieures à 21.4R3-S7-EVO
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antérieures à 22.1R3-S5
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 21.4 antérieures à 21.4R3-S6
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 22.3-EVO antérieures à 22.3R3-S3-EVO
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 23.4 antérieures à 23.4R2
Juniper Networks	N/A	Junos OS versions 22.3 antérieures à 22.3R1-S2
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 22.3 antérieures à 22.3R3-S3
Juniper Networks	N/A	Junos OS Evolved versions 22.3-EVO antérieures à 22.3R1-S1-EVO
Juniper Networks	N/A	Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S3-EVO
Juniper Networks	N/A	Junos OS versions antérieures à 21.2R3-S8
Juniper Networks	N/A	Junos Space versions antérieures à 24.1R1
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antérieures à 21.4R3-S6
Juniper Networks	N/A	Junos OS Evolved versions 22.3-EVO antérieures à 22.3R2-EVO
Juniper Networks	N/A	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-EVO
Juniper Networks	N/A	Junos OS versions 22.4 antérieures à 22.4R3-S3
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 20.4R3-S10-EVO
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 22.4 antérieures à 22.4R3-S1
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R1-S2
Juniper Networks	N/A	Junos OS Evolved versions 22.4-EVO antérieures à 22.4R2-S2-EVO
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions antérieures à 21.2R3-S8-EVO
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R2
Juniper Networks	N/A	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S1-EVO
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 22.1 antérieures à 22.1R3-S5
Juniper Networks	N/A	Junos OS Evolved versions antérieures à before 22.1R3-EVO
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R2-S1
Juniper Networks	N/A	Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S8-EVO
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 22.2-EVO antérieures à 22.2R3-S4-EVO
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antérieures à 22.1R3-S4
Juniper Networks	N/A	Junos OS versions 21.3 antérieures à 21.3R3-S5
Juniper Networks	N/A	Junos OS versions antérieures à 22.1R2-S2
Juniper Networks	N/A	Junos OS Evolved versions 22.1-EVO antérieures à 22.1R3-S6-EVO
Juniper Networks	N/A	Junos OS versions 22.2 antérieures à 22.2R3-S4
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 21.4 antérieures à 21.4R3-S7
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R1-S2-EVO
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 22.4R2-EVO
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS versions 22.2 antérieures à 22.2R2-S1
Juniper Networks	N/A	Junos OS versions 23.1 antérieures à 23.1R2
Juniper Networks	N/A	Junos OS on MX Series versions 22.3 antérieures à 22.3R3-S2
Juniper Networks	N/A	Junos OS versions 22.3 antérieures à 22.3R3-S3
Juniper Networks	N/A	Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions antérieures à 21.2R3-S8
Juniper Networks	N/A	Junos OS versions 22.3 antérieures à 22.3R2-S2
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antérieures à 21.4R3-S6
Juniper Networks	N/A	Junos OS Evolved versions 22.2-EVO antérieures à 22.2R2-S1-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R2
Juniper Networks	N/A	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R1-S2-EVO

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA83001	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82976	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83027	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83021	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83018	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82987	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82982	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83012	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83019	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83004	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83010	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83014	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82996	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82980	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83000	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83008	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82991	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83011	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82989	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82997	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83023	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83026	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83013	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83002	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83015	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83007	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82995	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82993	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA75726	2024-07-11	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82988	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83017	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82983	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83020	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82998	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82999	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83016	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82992	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82978	2024-07-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-39560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
    },
    {
      "name": "CVE-2023-32435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
    },
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2024-39554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2024-39539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
    },
    {
      "name": "CVE-2021-36160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2024-39558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
    },
    {
      "name": "CVE-2022-30522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
    },
    {
      "name": "CVE-2021-37701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
    },
    {
      "name": "CVE-2022-21460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
    },
    {
      "name": "CVE-2021-31535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
    },
    {
      "name": "CVE-2022-36760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
    },
    {
      "name": "CVE-2021-33034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2024-39552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
    },
    {
      "name": "CVE-2021-27290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2023-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
    },
    {
      "name": "CVE-2023-4004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
    },
    {
      "name": "CVE-2021-29469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
    },
    {
      "name": "CVE-2023-2002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2021-23440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2020-13950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
    },
    {
      "name": "CVE-2021-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
    },
    {
      "name": "CVE-2024-39546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
    },
    {
      "name": "CVE-2024-39540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
    },
    {
      "name": "CVE-2018-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
    },
    {
      "name": "CVE-2024-39543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
    },
    {
      "name": "CVE-2020-11984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
    },
    {
      "name": "CVE-2022-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
    },
    {
      "name": "CVE-2021-35624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2024-39514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
    },
    {
      "name": "CVE-2022-25147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
    },
    {
      "name": "CVE-2021-35604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
    },
    {
      "name": "CVE-2021-42013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
    },
    {
      "name": "CVE-2023-34059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
    },
    {
      "name": "CVE-2024-39529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
    },
    {
      "name": "CVE-2006-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2021-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
    },
    {
      "name": "CVE-2022-29167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
    },
    {
      "name": "CVE-2020-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
    },
    {
      "name": "CVE-2019-10747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
    },
    {
      "name": "CVE-2023-34058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
    },
    {
      "name": "CVE-2011-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
    },
    {
      "name": "CVE-2019-16776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
    },
    {
      "name": "CVE-2022-21589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2019-10097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2023-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-4206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
    },
    {
      "name": "CVE-2022-21304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
    },
    {
      "name": "CVE-2023-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
    },
    {
      "name": "CVE-2024-39536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
    },
    {
      "name": "CVE-2024-39555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2023-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
    },
    {
      "name": "CVE-2020-13938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
    },
    {
      "name": "CVE-2016-10540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
    },
    {
      "name": "CVE-2019-10082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
    },
    {
      "name": "CVE-2023-42753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
    },
    {
      "name": "CVE-2016-1000232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
    },
    {
      "name": "CVE-2015-9262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
    },
    {
      "name": "CVE-2023-32360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
    },
    {
      "name": "CVE-2021-37713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2024-39561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
    },
    {
      "name": "CVE-2022-21303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2020-35452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
    },
    {
      "name": "CVE-2023-4207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
    },
    {
      "name": "CVE-2022-21617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2022-41741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2021-37712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2023-30630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
    },
    {
      "name": "CVE-2022-21608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
    },
    {
      "name": "CVE-2022-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
    },
    {
      "name": "CVE-2023-20593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
    },
    {
      "name": "CVE-2024-39535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
    },
    {
      "name": "CVE-2024-39545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
    },
    {
      "name": "CVE-2024-39531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
    },
    {
      "name": "CVE-2022-41742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
    },
    {
      "name": "CVE-2019-16777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
    },
    {
      "name": "CVE-2021-2389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
    },
    {
      "name": "CVE-2023-21840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
    },
    {
      "name": "CVE-2019-10081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
    },
    {
      "name": "CVE-2020-1934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
    },
    {
      "name": "CVE-2022-30556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
    },
    {
      "name": "CVE-2020-8648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
    },
    {
      "name": "CVE-2022-21270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
    },
    {
      "name": "CVE-2023-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2023-21980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
    },
    {
      "name": "CVE-2024-39530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
    },
    {
      "name": "CVE-2024-39532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
    },
    {
      "name": "CVE-2023-27522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
    },
    {
      "name": "CVE-2024-39557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
    },
    {
      "name": "CVE-2021-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
    },
    {
      "name": "CVE-2024-39550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
    },
    {
      "name": "CVE-2022-28615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
    },
    {
      "name": "CVE-2022-21451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
    },
    {
      "name": "CVE-2014-10064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
    },
    {
      "name": "CVE-2024-39511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
    },
    {
      "name": "CVE-2022-23943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
    },
    {
      "name": "CVE-2024-39548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
    },
    {
      "name": "CVE-2020-11993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
    },
    {
      "name": "CVE-2023-22652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
    },
    {
      "name": "CVE-2024-39528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
    },
    {
      "name": "CVE-2023-3341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
    },
    {
      "name": "CVE-2023-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
    },
    {
      "name": "CVE-2021-43527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2024-39559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
    },
    {
      "name": "CVE-2014-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
    },
    {
      "name": "CVE-2021-2356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
    },
    {
      "name": "CVE-2020-36049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
    },
    {
      "name": "CVE-2023-4208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
    },
    {
      "name": "CVE-2021-41524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2020-12402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2024-39519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2022-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
    },
    {
      "name": "CVE-2019-16775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2023-2700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
    },
    {
      "name": "CVE-2020-7754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
    },
    {
      "name": "CVE-2024-39533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
    },
    {
      "name": "CVE-2021-22543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
    },
    {
      "name": "CVE-2021-33909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
    },
    {
      "name": "CVE-2021-26690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
    },
    {
      "name": "CVE-2022-22719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
    },
    {
      "name": "CVE-2022-40674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
    },
    {
      "name": "CVE-2022-46663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2024-39513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
    },
    {
      "name": "CVE-2021-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
    },
    {
      "name": "CVE-2022-21417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
    },
    {
      "name": "CVE-2024-39518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
    },
    {
      "name": "CVE-2023-37450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
    },
    {
      "name": "CVE-2021-30641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2020-7660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
    },
    {
      "name": "CVE-2022-31813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
    },
    {
      "name": "CVE-2023-34969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
    },
    {
      "name": "CVE-2019-9517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
    },
    {
      "name": "CVE-2018-20834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
    },
    {
      "name": "CVE-2020-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
    },
    {
      "name": "CVE-2020-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
    },
    {
      "name": "CVE-2022-21592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2023-25690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
    },
    {
      "name": "CVE-2021-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2017-15010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
    },
    {
      "name": "CVE-2019-10092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
    },
    {
      "name": "CVE-2024-39541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
    },
    {
      "name": "CVE-2021-44224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
    },
    {
      "name": "CVE-2024-39537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
    },
    {
      "name": "CVE-2022-21444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
    },
    {
      "name": "CVE-2019-17567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
    },
    {
      "name": "CVE-2018-7408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
    },
    {
      "name": "CVE-2019-20149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
    },
    {
      "name": "CVE-2024-20932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2024-39551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2022-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
    },
    {
      "name": "CVE-2020-14145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2024-39565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
    },
    {
      "name": "CVE-2021-31618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
    },
    {
      "name": "CVE-2022-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2024-39549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
    },
    {
      "name": "CVE-2022-21367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
    },
    {
      "name": "CVE-2021-33193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
    },
    {
      "name": "CVE-2021-41773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
    },
    {
      "name": "CVE-2020-11668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
    },
    {
      "name": "CVE-2022-26377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2020-9490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
    },
    {
      "name": "CVE-2020-28502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
    },
    {
      "name": "CVE-2024-39556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
    },
    {
      "name": "CVE-2022-37436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
    },
    {
      "name": "CVE-2021-33033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
    },
    {
      "name": "CVE-2023-32439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2023-21912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
    },
    {
      "name": "CVE-2022-28330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
    },
    {
      "name": "CVE-2024-39542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
    },
    {
      "name": "CVE-2022-21454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
    },
    {
      "name": "CVE-2017-1000048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
    },
    {
      "name": "CVE-2022-21427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
    },
    {
      "name": "CVE-2021-40438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2021-2372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
    },
    {
      "name": "CVE-2022-21245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2019-10098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
    },
    {
      "name": "CVE-2024-39538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
    },
    {
      "name": "CVE-2022-28614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
    }
  ],
  "initial_release_date": "2024-07-12T00:00:00",
  "last_revision_date": "2024-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0575",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-12T00:00:00.000000"
    },
    {
      "description": "Correction d\u0027identifiants CVE erron\u00e9s",
      "revision_date": "2024-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
    },
    {
      "published_at": "2024-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
    }
  ]
}

FKIE_CVE-2011-1473

Vulnerability from fkie_nvd - Published: 2012-06-16 21:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html
	cve@mitre.org	http://marc.info/?l=bugtraq&m=133951357207000&w=2
	cve@mitre.org	http://orchilles.com/2011/03/ssl-renegotiation-dos.html
	cve@mitre.org	http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
	cve@mitre.org	http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
	cve@mitre.org	http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
	cve@mitre.org	http://www.ietf.org/mail-archive/web/tls/current/msg07564.html
	cve@mitre.org	http://www.ietf.org/mail-archive/web/tls/current/msg07567.html
	cve@mitre.org	http://www.ietf.org/mail-archive/web/tls/current/msg07576.html
	cve@mitre.org	http://www.ietf.org/mail-archive/web/tls/current/msg07577.html
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2011/07/08/2
	cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=707065
	cve@mitre.org	https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E
	cve@mitre.org	https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=133951357207000&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://orchilles.com/2011/03/ssl-renegotiation-dos.html
	af854a3a-2127-422b-91ae-364da2661108	http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.ietf.org/mail-archive/web/tls/current/msg07564.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.ietf.org/mail-archive/web/tls/current/msg07567.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.ietf.org/mail-archive/web/tls/current/msg07576.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.ietf.org/mail-archive/web/tls/current/msg07577.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/07/08/2
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=707065
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E

Impacted products

Vendor	Product	Version
openssl	openssl	0.9.8m
openssl	openssl	0.9.8m
openssl	openssl	0.9.8n
openssl	openssl	0.9.8o
openssl	openssl	0.9.8p
openssl	openssl	0.9.8r
openssl	openssl	0.9.8s
openssl	openssl	0.9.8t
openssl	openssl	0.9.8u
openssl	openssl	0.9.8v
openssl	openssl	0.9.8w
openssl	openssl	0.9.8x
openssl	openssl	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
              "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
              "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
              "matchCriteriaId": "D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7540155-3629-4C76-9C67-8A8E0C1067F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
              "matchCriteriaId": "419BBCCD-6F8A-418A-BA02-56267B11D948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3A2AF8-C7DD-43D0-B03F-37E7EB735C1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB35F63F-7856-42EE-87A6-7EC7F10C2032",
              "versionEndIncluding": "0.9.8k",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment"
    },
    {
      "lang": "es",
      "value": "** EN DISPUTA ** OpenSSL anterior a v0.9.8l y v0.9.8m a trav\u00e9s de 1.x, no restringen adecuadamente por el cliente dentro de la renegociaci\u00f3n de los protocolos SSL y TLS, lo que podr\u00eda hacer m\u00e1s f\u00e1cil para los atacantes remotos causar una denegaci\u00f3n de servicio (el consumo de CPU) mediante la realizaci\u00f3n de las renegociaciones de muchos dentro de una sola conexi\u00f3n, una vulnerabilidad diferente a CVE-2011-5094. NOTA: tambi\u00e9n se puede argumentar que es la responsabilidad de las implementaciones de servidores, no una biblioteca de seguridad, para prevenir o limitar la renegociaci\u00f3n cuando es inapropiado dentro de un entorno espec\u00edfico."
    }
  ],
  "id": "CVE-2011-1473",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-16T21:55:02.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1473

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.

Aliases

CVE-2011-1473

Aliases

CVE-2011-1473

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1473",
    "description": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.",
    "id": "GSD-2011-1473",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-1473.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1473"
      ],
      "details": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.",
      "id": "GSD-2011-1473",
      "modified": "2023-12-13T01:19:07.855061Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-1473",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
            "refsource": "MISC",
            "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
          },
          {
            "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
            "refsource": "MLIST",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
          },
          {
            "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
            "refsource": "MLIST",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
          },
          {
            "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
          },
          {
            "name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
            "refsource": "MISC",
            "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
          },
          {
            "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
          },
          {
            "name": "SSRT100852",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "[tls] 20110318 Re: SSL Renegotiation DOS",
            "refsource": "MLIST",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
          },
          {
            "name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
            "refsource": "MISC",
            "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
          },
          {
            "name": "HPSBMU02776",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "[tls] 20110315 SSL Renegotiation DOS",
            "refsource": "MLIST",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
          },
          {
            "name": "[tls] 20110315 Re: SSL Renegotiation DOS",
            "refsource": "MLIST",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
          },
          {
            "name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d@%3Ccommits.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f@%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557@%3Cdev.rocketmq.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
                    "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                    "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                    "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
                    "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A7540155-3629-4C76-9C67-8A8E0C1067F1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
                    "matchCriteriaId": "419BBCCD-6F8A-418A-BA02-56267B11D948",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8A3A2AF8-C7DD-43D0-B03F-37E7EB735C1D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EB35F63F-7856-42EE-87A6-7EC7F10C2032",
                    "versionEndIncluding": "0.9.8k",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment"
          },
          {
            "lang": "es",
            "value": "** EN DISPUTA ** OpenSSL anterior a v0.9.8l y v0.9.8m a trav\u00e9s de 1.x, no restringen adecuadamente por el cliente dentro de la renegociaci\u00f3n de los protocolos SSL y TLS, lo que podr\u00eda hacer m\u00e1s f\u00e1cil para los atacantes remotos causar una denegaci\u00f3n de servicio (el consumo de CPU) mediante la realizaci\u00f3n de las renegociaciones de muchos dentro de una sola conexi\u00f3n, una vulnerabilidad diferente a CVE-2011-5094. NOTA: tambi\u00e9n se puede argumentar que es la responsabilidad de las implementaciones de servidores, no una biblioteca de seguridad, para prevenir o limitar la renegociaci\u00f3n cuando es inapropiado dentro de un entorno espec\u00edfico."
          }
        ],
        "id": "CVE-2011-1473",
        "lastModified": "2024-04-11T00:47:49.440",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ]
        },
        "published": "2012-06-16T21:55:02.437",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-264"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

GHSA-5WJ2-7GQW-V6CM

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2024-03-21 03:33

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1473"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-16T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.",
  "id": "GHSA-5wj2-7gqw-v6cm",
  "modified": "2024-03-21T03:33:10Z",
  "published": "2022-05-13T01:10:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1473"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d@%3Ccommits.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
    },
    {
      "type": "WEB",
      "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
    },
    {
      "type": "WEB",
      "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1473 (GCVE-0-2011-1473)

Solution

Solutions

Solution

Solution

Solutions

Tags

Sightings

Nomenclature