Vulnerability-Lookup

CVE-2019-10081 (GCVE-0-2019-10081)

Vulnerability from cvelistv5 – Published: 2019-08-15 21:02 – Updated: 2024-08-04 22:10

Summary

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

Severity ?

No CVSS data available.

CWE

mod_http2, memory corruption on early pushes

Assigner

apache

References

URL

Tags

	https://www.debian.org/security/2019/dsa-4509	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/47	mailing-listx_refsource_BUGTRAQ
	https://usn.ubuntu.com/4113-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://security.gentoo.org/glsa/201909-04	vendor-advisoryx_refsource_GENTOO
	https://lists.apache.org/thread.html/rd18c3c43602…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re3d27b6250a…	mailing-listx_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://httpd.apache.org/security/vulnerabilities…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019090…	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K84341091?utm_…	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r06f0d87ebb6…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc998b18880d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r03ee478b3dd…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd2fb621142e…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r3c5c3104813…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r76142b8c511…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	Apache HTTP Server	Affected: 2.4.20 to 2.4.39

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:09.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4509",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4509"
          },
          {
            "name": "20190826 [SECURITY] [DSA 4509-1] apache2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/47"
          },
          {
            "name": "USN-4113-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4113-1/"
          },
          {
            "name": "openSUSE-SU-2019:2051",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
          },
          {
            "name": "GLSA-201909-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-04"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache HTTP Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.4.20 to 2.4.39"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "mod_http2, memory corruption on early pushes",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:11:32.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "DSA-4509",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4509"
        },
        {
          "name": "20190826 [SECURITY] [DSA 4509-1] apache2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/47"
        },
        {
          "name": "USN-4113-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4113-1/"
        },
        {
          "name": "openSUSE-SU-2019:2051",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
        },
        {
          "name": "GLSA-201909-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-04"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-10081",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache HTTP Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.4.20 to 2.4.39"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "mod_http2, memory corruption on early pushes"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4509",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4509"
            },
            {
              "name": "20190826 [SECURITY] [DSA 4509-1] apache2 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/47"
            },
            {
              "name": "USN-4113-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4113-1/"
            },
            {
              "name": "openSUSE-SU-2019:2051",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
            },
            {
              "name": "GLSA-201909-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-04"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
              "refsource": "MISC",
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190905-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
            },
            {
              "name": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-10081",
    "datePublished": "2019-08-15T21:02:49.000Z",
    "dateReserved": "2019-03-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:10:09.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10081

Vulnerability from osv_almalinux

Published

2020-11-03 12:33

Modified

2022-01-26 07:27

Summary

Moderate: httpd:2.4 security, bug fix, and enhancement update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)

Security Fix(es):

httpd: memory corruption on early pushes (CVE-2019-10081)
httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)
httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)
httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)
httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
httpd: mod_rewrite potential open redirect (CVE-2019-10098)
httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_md"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.0.8-8.module_el8.5.0+2609+b30d9eec"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_md"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.0.8-8.module_el8.6.0+2872+fe0ff7aa"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2020:4751",
  "modified": "2022-01-26T07:27:23Z",
  "published": "2020-11-03T12:33:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-4751.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2018-17189"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-0196"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-0197"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-10081"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-10082"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-10092"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-10097"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-10098"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-1927"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-1934"
    }
  ],
  "related": [
    "CVE-2019-10081",
    "CVE-2019-10082",
    "CVE-2019-10097",
    "CVE-2020-1927",
    "CVE-2018-17189",
    "CVE-2019-0196",
    "CVE-2019-0197",
    "CVE-2019-10092",
    "CVE-2019-10098",
    "CVE-2020-1934"
  ],
  "summary": "Moderate: httpd:2.4 security, bug fix, and enhancement update"
}

GSD-2019-10081

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-10081

Aliases

CVE-2019-10081

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-10081",
    "description": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.",
    "id": "GSD-2019-10081",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-10081.html",
      "https://www.debian.org/security/2019/dsa-4509",
      "https://access.redhat.com/errata/RHSA-2020:4751",
      "https://access.redhat.com/errata/RHSA-2020:1337",
      "https://access.redhat.com/errata/RHSA-2020:1336",
      "https://ubuntu.com/security/CVE-2019-10081",
      "https://advisories.mageia.org/CVE-2019-10081.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2019-10081.html",
      "https://linux.oracle.com/cve/CVE-2019-10081.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10081"
      ],
      "details": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.",
      "id": "GSD-2019-10081",
      "modified": "2023-12-13T01:23:58.965717Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2019-10081",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache HTTP Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.4.20 to 2.4.39"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "mod_http2, memory corruption on early pushes"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-4509",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2019/dsa-4509"
          },
          {
            "name": "20190826 [SECURITY] [DSA 4509-1] apache2 security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Aug/47"
          },
          {
            "name": "USN-4113-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4113-1/"
          },
          {
            "name": "openSUSE-SU-2019:2051",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
          },
          {
            "name": "GLSA-201909-04",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201909-04"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
            "refsource": "MISC",
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190905-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
          },
          {
            "name": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp;utm_medium=RSS",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp;utm_medium=RSS"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.39",
                "versionStartIncluding": "2.4.20",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-10081"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
              "name": "DSA-4509",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4509"
            },
            {
              "name": "20190826 [SECURITY] [DSA 4509-1] apache2 security update",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/47"
            },
            {
              "name": "USN-4113-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/4113-1/"
            },
            {
              "name": "openSUSE-SU-2019:2051",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190905-0003/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
            },
            {
              "name": "GLSA-201909-04",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201909-04"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-06-06T11:15Z",
      "publishedDate": "2019-08-15T22:15Z"
    }
  }
}

FKIE_CVE-2019-10081

Vulnerability from fkie_nvd - Published: 2019-08-15 22:15 - Updated: 2024-11-21 04:18

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security@apache.org	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
security@apache.org	https://httpd.apache.org/security/vulnerabilities_24.html	Exploit, Vendor Advisory
security@apache.org	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://seclists.org/bugtraq/2019/Aug/47	Third Party Advisory
security@apache.org	https://security.gentoo.org/glsa/201909-04
security@apache.org	https://security.netapp.com/advisory/ntap-20190905-0003/
security@apache.org	https://support.f5.com/csp/article/K84341091?utm_source=f5support&amp%3Butm_medium=RSS
security@apache.org	https://usn.ubuntu.com/4113-1/
security@apache.org	https://www.debian.org/security/2019/dsa-4509	Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpuapr2020.html
security@apache.org	https://www.oracle.com/security-alerts/cpujul2020.html
security@apache.org	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	https://httpd.apache.org/security/vulnerabilities_24.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Aug/47	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201909-04
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190905-0003/
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K84341091?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4113-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4509	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Impacted products

Vendor	Product	Version
apache	http_server	*
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3612A3F7-A81C-4841-B9B9-5A8968DFA850",
              "versionEndIncluding": "2.4.39",
              "versionStartIncluding": "2.4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client."
    },
    {
      "lang": "es",
      "value": "Pushes tempranos de HTTP/2 (versiones 2.4.20 hasta 2.4.39) configurados por ejemplo con \"H2PushResource\", podr\u00edan conllevar a una sobrescritura de memoria en el pushing de grupo de peticiones causando bloqueos. La memoria copiada es la de los valores configurados de encabezado del enlace de inserci\u00f3n, no los datos suministrados por el cliente."
    }
  ],
  "id": "CVE-2019-10081",
  "lastModified": "2024-11-21T04:18:21.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-15T22:15:12.757",
  "references": [
    {
      "source": "security@apache.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/47"
    },
    {
      "source": "security@apache.org",
      "url": "https://security.gentoo.org/glsa/201909-04"
    },
    {
      "source": "security@apache.org",
      "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
    },
    {
      "source": "security@apache.org",
      "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "security@apache.org",
      "url": "https://usn.ubuntu.com/4113-1/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4509"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/47"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201909-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4113-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-10081

Vulnerability from fstec - Published: 15.08.2019

Title

Уязвимость реализации сетевого протокола HTTP/2 веб-сервера Apache HTTP Server, связанная с чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость реализации сетевого протокола HTTP/2 веб-сервера Apache HTTP Server связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, Oracle Corp., ООО «РусБИТех-Астра», Novell Inc., Apache Software Foundation, АО «Концерн ВНИИНС», АО «НТЦ ИТ РОСА»

Software Name

Ubuntu, Debian GNU/Linux, Enterprise Manager Ops Center, Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Suse Linux Enterprise Server, OpenSUSE Leap, SUSE Linux Enterprise Module for High Performance Computing, SUSE Linux Enterprise Module for Server Applications, HTTP Server, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ROSA Virtualization (запись в едином реестре российских программ №5091), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)

Software Version

16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12.3.3 (Enterprise Manager Ops Center), 1.6 «Смоленск» (Astra Linux Special Edition), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 12 SP4 (Suse Linux Enterprise Server), 19.04 (Ubuntu), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for High Performance Computing), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Server Applications), 15 (SUSE Linux Enterprise Module for Server Applications), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), от 2.4.20 до 2.4.39 включительно (HTTP Server), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 12.4.0.0 (Enterprise Manager Ops Center), 1.0 (ОС ОН «Стрелец»), 2.1 (ROSA Virtualization), 3.0 (ROSA Virtualization 3.0)

Possible Mitigations

Использование рекомендаций: Для apache2: https://httpd.apache.org/security/vulnerabilities_24.html Для Debian: Обновление программного обеспечения (пакета apache2) до 2.4.25-3+deb9u8 или более поздней версии Для Ubuntu: https://usn.ubuntu.com/4113-1/ Для программных средств Oracle: https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html https://www.oracle.com/security-alerts/cpujul2020.html Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2019-10081/ Для Astra Linux: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16 Для ОС ОН «Стрелец»: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2900 Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2860 Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2899 Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2859

Reference

https://httpd.apache.org/security/vulnerabilities_24.html https://nvd.nist.gov/vuln/detail/CVE-2019-10081 https://security-tracker.debian.org/tracker/CVE-2019-10081 html https://usn.ubuntu.com/4113-1/ https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html https://www.suse.com/security/cve/CVE-2019-10081/ https://httpd.apache.org/security/vulnerabilities_24.html https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20200429SE81 https://www.oracle.com/security-alerts/cpujul2020.html https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie https://abf.rosa.ru/advisories/ROSA-SA-2025-2900 https://abf.rosa.ru/advisories/ROSA-SA-2025-2860 https://abf.rosa.ru/advisories/ROSA-SA-2025-2899 https://abf.rosa.ru/advisories/ROSA-SA-2025-2859

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Oracle Corp., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Apache Software Foundation, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12.3.3 (Enterprise Manager Ops Center), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 12 SP4 (Suse Linux Enterprise Server), 19.04 (Ubuntu), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for High Performance Computing), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Server Applications), 15 (SUSE Linux Enterprise Module for Server Applications), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), \u043e\u0442 2.4.20 \u0434\u043e 2.4.39 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (HTTP Server), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 12.4.0.0 (Enterprise Manager Ops Center), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 2.1 (ROSA Virtualization), 3.0 (ROSA Virtualization 3.0)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f apache2:\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html\n\n\n\n\u0414\u043b\u044f Debian:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 apache2) \u0434\u043e 2.4.25-3+deb9u8 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\n\nhttps://usn.ubuntu.com/4113-1/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 Oracle:\nhttps://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html\nhttps://www.oracle.com/security-alerts/cpujul2020.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-10081/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2900\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2860\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2899\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2859",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.08.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.10.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-03632",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-10081",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Enterprise Manager Ops Center, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Suse Linux Enterprise Server, OpenSUSE Leap, SUSE Linux Enterprise Module for High Performance Computing, SUSE Linux Enterprise Module for Server Applications, HTTP Server, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Canonical Ltd. Ubuntu 19.04 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Novell Inc. Suse Linux Enterprise Server 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 HTTP/2 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 HTTP/2 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://httpd.apache.org/security/vulnerabilities_24.html\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10081\n\nhttps://security-tracker.debian.org/tracker/CVE-2019-10081\nhtml\nhttps://usn.ubuntu.com/4113-1/\nhttps://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html\nhttps://www.suse.com/security/cve/CVE-2019-10081/\nhttps://httpd.apache.org/security/vulnerabilities_24.html\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20200429SE81\nhttps://www.oracle.com/security-alerts/cpujul2020.html\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2900\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2860\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2899\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2859",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CERTFR-2019-AVI-402

Vulnerability from certfr_avis - Published: 2019-08-16 - Updated: 2019-08-16

De multiples vulnérabilités ont été découvertes dans Apache Httpd. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	N/A	Apache Httpd versions 2.4.x antérieures à 2.4.41

References

Title

Publication Time

Tags

Bulletin de sécurité Apache 2.4.41 du 14 août 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Httpd versions 2.4.x ant\u00e9rieures \u00e0 2.4.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-10097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
    },
    {
      "name": "CVE-2019-10082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
    },
    {
      "name": "CVE-2019-10081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
    },
    {
      "name": "CVE-2019-9517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
    },
    {
      "name": "CVE-2019-10092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
    },
    {
      "name": "CVE-2019-10098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
    }
  ],
  "initial_release_date": "2019-08-16T00:00:00",
  "last_revision_date": "2019-08-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-402",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Httpd. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Httpd",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache 2.4.41 du 14 ao\u00fbt 2019",
      "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.41"
    }
  ]
}

CERTFR-2024-AVI-0575

Vulnerability from certfr_avis - Published: 2024-07-12 - Updated: 2024-10-15

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Junos OS versions 23.4 antérieures à 23.4R2
Juniper Networks	N/A	Junos OS Evolved versions 21.4-EVO antérieures à 21.4R2-EVO
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antérieures à 22.4R3
Juniper Networks	N/A	Junos OS on MX Series versions 22.2 antérieures à 22.2R3-S3
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 22.1-EVO antérieures à 22.1R3-S6-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 22.4 antérieures à 22.4R3-S2
Juniper Networks	N/A	Junos OS versions 23.2 antérieures à 23.2R2-S1
Juniper Networks	N/A	Session Smart Router versions 6.2 antérieures à SSR-6.2.5-r2
Juniper Networks	N/A	Junos OS on MX Series versions 22.1 antérieures à 22.1R3-S5
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 22.4-EVO antérieures à 22.4R3-S2-EVO
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 23.2-EVO antérieures à 23.2R2-EVO
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antérieures à 21.4R3-S7
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 21.2 antérieures à 21.2R3-S8
Juniper Networks	N/A	Junos OS versions 22.1 antérieures à 22.1R3-S6
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R3
Juniper Networks	N/A	Junos OS Evolved versions 21.3-EVO antérieures à 21.3R3-S5-EVO
Juniper Networks	N/A	Junos OS Evolved versions 21.2-EVO antérieures à 21.2R3-S7-EVO
Juniper Networks	N/A	Junos OS versions antérieures à 20.4R3-S9
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R2-EVO
Juniper Networks	N/A	Junos OS versions 22.4 antérieures à 22.4R2-S2
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 22.2 antérieures à 22.2R3-S4
Juniper Networks	N/A	Junos OS on MX Series versions 21.4 antérieures à 21.4R3-S6
Juniper Networks	N/A	Junos OS on MX Series versions 22.4 antérieures à 22.4R3
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antérieures à 22.3R3-S2
Juniper Networks	N/A	Session Smart Router versions 6.1 antérieures à SSR-6.1.8-lts
Juniper Networks	N/A	Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-EVO
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antérieures à 20.4R3-S10
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R3
Juniper Networks	N/A	Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-EVO
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antérieures à 22.4R3
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antérieures à 22.2R3-S1
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antérieures à 21.3R3-S5
Juniper Networks	N/A	Junos OS on MX Series versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 22.3 antérieures à 22.3R3-S2
Juniper Networks	N/A	Junos OS versions 21.4 antérieures à 21.4R2
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 22.2 antérieures à 22.2R3-S3
Juniper Networks	N/A	Junos OS versions 23.4 antérieures à 23.4R1-S2
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antérieures à 22.2R3-S2
Juniper Networks	N/A	Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 23.2R1-EVO
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 21.4R3-S8-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 22.1 antérieures à 22.1R3-S6
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antérieures à 21.2R3-S6
Juniper Networks	N/A	Junos OS on MX Series versions antérieures à 21.2R3-S6
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antérieures à 22.2R3-S3
Juniper Networks	N/A	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R1-S1-EVO
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS versions antérieures à 21.4R3-S8
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 22.4R3-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R1-S1
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions antérieures à 21.2R3-S7
Juniper Networks	N/A	Session Smart Router versions antérieures à SSR-5.6.14
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 21.2R3-S8-EVO
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antérieures à 21.2R3-S8
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antérieures à 22.1R3-S2
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antérieures à 22.3R3-S1
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions antérieures à 21.4R3-S7-EVO
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antérieures à 22.1R3-S5
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 21.4 antérieures à 21.4R3-S6
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 22.3-EVO antérieures à 22.3R3-S3-EVO
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 23.4 antérieures à 23.4R2
Juniper Networks	N/A	Junos OS versions 22.3 antérieures à 22.3R1-S2
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 22.3 antérieures à 22.3R3-S3
Juniper Networks	N/A	Junos OS Evolved versions 22.3-EVO antérieures à 22.3R1-S1-EVO
Juniper Networks	N/A	Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S3-EVO
Juniper Networks	N/A	Junos OS versions antérieures à 21.2R3-S8
Juniper Networks	N/A	Junos Space versions antérieures à 24.1R1
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antérieures à 21.4R3-S6
Juniper Networks	N/A	Junos OS Evolved versions 22.3-EVO antérieures à 22.3R2-EVO
Juniper Networks	N/A	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-EVO
Juniper Networks	N/A	Junos OS versions 22.4 antérieures à 22.4R3-S3
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 20.4R3-S10-EVO
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 22.4 antérieures à 22.4R3-S1
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R1-S2
Juniper Networks	N/A	Junos OS Evolved versions 22.4-EVO antérieures à 22.4R2-S2-EVO
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions antérieures à 21.2R3-S8-EVO
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R2
Juniper Networks	N/A	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S1-EVO
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 22.1 antérieures à 22.1R3-S5
Juniper Networks	N/A	Junos OS Evolved versions antérieures à before 22.1R3-EVO
Juniper Networks	N/A	Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R2-S1
Juniper Networks	N/A	Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S8-EVO
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 22.2-EVO antérieures à 22.2R3-S4-EVO
Juniper Networks	N/A	SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antérieures à 22.1R3-S4
Juniper Networks	N/A	Junos OS versions 21.3 antérieures à 21.3R3-S5
Juniper Networks	N/A	Junos OS versions antérieures à 22.1R2-S2
Juniper Networks	N/A	Junos OS Evolved versions 22.1-EVO antérieures à 22.1R3-S6-EVO
Juniper Networks	N/A	Junos OS versions 22.2 antérieures à 22.2R3-S4
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 21.4 antérieures à 21.4R3-S7
Juniper Networks	N/A	Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R1-S2-EVO
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 22.4R2-EVO
Juniper Networks	N/A	Junos OS on MX Series with SPC3 line card versions 23.2 antérieures à 23.2R2
Juniper Networks	N/A	Junos OS versions 22.2 antérieures à 22.2R2-S1
Juniper Networks	N/A	Junos OS versions 23.1 antérieures à 23.1R2
Juniper Networks	N/A	Junos OS on MX Series versions 22.3 antérieures à 22.3R3-S2
Juniper Networks	N/A	Junos OS versions 22.3 antérieures à 22.3R3-S3
Juniper Networks	N/A	Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions antérieures à 21.2R3-S8
Juniper Networks	N/A	Junos OS versions 22.3 antérieures à 22.3R2-S2
Juniper Networks	N/A	Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antérieures à 21.4R3-S6
Juniper Networks	N/A	Junos OS Evolved versions 22.2-EVO antérieures à 22.2R2-S1-EVO
Juniper Networks	N/A	Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R2
Juniper Networks	N/A	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R1-S2-EVO

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA83001	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82976	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83027	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83021	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83018	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82987	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82982	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83012	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83019	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83004	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83010	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83014	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82996	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82980	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83000	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83008	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82991	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83011	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82989	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82997	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83023	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83026	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83013	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83002	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83015	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83007	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82995	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82993	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA75726	2024-07-11	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82988	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83017	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82983	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83020	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82998	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82999	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA83016	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82992	2024-07-10	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82978	2024-07-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-39560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
    },
    {
      "name": "CVE-2023-32435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
    },
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2024-39554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2024-39539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
    },
    {
      "name": "CVE-2021-36160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2024-39558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
    },
    {
      "name": "CVE-2022-30522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
    },
    {
      "name": "CVE-2021-37701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
    },
    {
      "name": "CVE-2022-21460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
    },
    {
      "name": "CVE-2021-31535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
    },
    {
      "name": "CVE-2022-36760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
    },
    {
      "name": "CVE-2021-33034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2024-39552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
    },
    {
      "name": "CVE-2021-27290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2023-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
    },
    {
      "name": "CVE-2023-4004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
    },
    {
      "name": "CVE-2021-29469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
    },
    {
      "name": "CVE-2023-2002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2021-23440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2020-13950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
    },
    {
      "name": "CVE-2021-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
    },
    {
      "name": "CVE-2024-39546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
    },
    {
      "name": "CVE-2024-39540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
    },
    {
      "name": "CVE-2018-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
    },
    {
      "name": "CVE-2024-39543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
    },
    {
      "name": "CVE-2020-11984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
    },
    {
      "name": "CVE-2022-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
    },
    {
      "name": "CVE-2021-35624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2024-39514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
    },
    {
      "name": "CVE-2022-25147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
    },
    {
      "name": "CVE-2021-35604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
    },
    {
      "name": "CVE-2021-42013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
    },
    {
      "name": "CVE-2023-34059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
    },
    {
      "name": "CVE-2024-39529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
    },
    {
      "name": "CVE-2006-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2021-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
    },
    {
      "name": "CVE-2022-29167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
    },
    {
      "name": "CVE-2020-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
    },
    {
      "name": "CVE-2019-10747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
    },
    {
      "name": "CVE-2023-34058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
    },
    {
      "name": "CVE-2011-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
    },
    {
      "name": "CVE-2019-16776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
    },
    {
      "name": "CVE-2022-21589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2019-10097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2023-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-4206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
    },
    {
      "name": "CVE-2022-21304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
    },
    {
      "name": "CVE-2023-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
    },
    {
      "name": "CVE-2024-39536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
    },
    {
      "name": "CVE-2024-39555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2023-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
    },
    {
      "name": "CVE-2020-13938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
    },
    {
      "name": "CVE-2016-10540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
    },
    {
      "name": "CVE-2019-10082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
    },
    {
      "name": "CVE-2023-42753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
    },
    {
      "name": "CVE-2016-1000232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
    },
    {
      "name": "CVE-2015-9262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
    },
    {
      "name": "CVE-2023-32360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
    },
    {
      "name": "CVE-2021-37713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2024-39561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
    },
    {
      "name": "CVE-2022-21303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2020-35452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
    },
    {
      "name": "CVE-2023-4207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
    },
    {
      "name": "CVE-2022-21617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2022-41741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2021-37712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2023-30630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
    },
    {
      "name": "CVE-2022-21608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
    },
    {
      "name": "CVE-2022-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
    },
    {
      "name": "CVE-2023-20593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
    },
    {
      "name": "CVE-2024-39535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
    },
    {
      "name": "CVE-2024-39545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
    },
    {
      "name": "CVE-2024-39531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
    },
    {
      "name": "CVE-2022-41742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
    },
    {
      "name": "CVE-2019-16777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
    },
    {
      "name": "CVE-2021-2389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
    },
    {
      "name": "CVE-2023-21840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
    },
    {
      "name": "CVE-2019-10081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
    },
    {
      "name": "CVE-2020-1934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
    },
    {
      "name": "CVE-2022-30556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
    },
    {
      "name": "CVE-2020-8648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
    },
    {
      "name": "CVE-2022-21270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
    },
    {
      "name": "CVE-2023-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2023-21980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
    },
    {
      "name": "CVE-2024-39530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
    },
    {
      "name": "CVE-2024-39532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
    },
    {
      "name": "CVE-2023-27522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
    },
    {
      "name": "CVE-2024-39557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
    },
    {
      "name": "CVE-2021-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
    },
    {
      "name": "CVE-2024-39550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
    },
    {
      "name": "CVE-2022-28615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
    },
    {
      "name": "CVE-2022-21451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
    },
    {
      "name": "CVE-2014-10064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
    },
    {
      "name": "CVE-2024-39511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
    },
    {
      "name": "CVE-2022-23943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
    },
    {
      "name": "CVE-2024-39548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
    },
    {
      "name": "CVE-2020-11993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
    },
    {
      "name": "CVE-2023-22652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
    },
    {
      "name": "CVE-2024-39528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
    },
    {
      "name": "CVE-2023-3341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
    },
    {
      "name": "CVE-2023-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
    },
    {
      "name": "CVE-2021-43527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2024-39559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
    },
    {
      "name": "CVE-2014-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
    },
    {
      "name": "CVE-2021-2356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
    },
    {
      "name": "CVE-2020-36049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
    },
    {
      "name": "CVE-2023-4208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
    },
    {
      "name": "CVE-2021-41524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2020-12402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2024-39519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2022-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
    },
    {
      "name": "CVE-2019-16775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2023-2700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
    },
    {
      "name": "CVE-2020-7754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
    },
    {
      "name": "CVE-2024-39533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
    },
    {
      "name": "CVE-2021-22543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
    },
    {
      "name": "CVE-2021-33909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
    },
    {
      "name": "CVE-2021-26690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
    },
    {
      "name": "CVE-2022-22719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
    },
    {
      "name": "CVE-2022-40674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
    },
    {
      "name": "CVE-2022-46663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2024-39513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
    },
    {
      "name": "CVE-2021-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
    },
    {
      "name": "CVE-2022-21417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
    },
    {
      "name": "CVE-2024-39518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
    },
    {
      "name": "CVE-2023-37450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
    },
    {
      "name": "CVE-2021-30641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2020-7660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
    },
    {
      "name": "CVE-2022-31813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
    },
    {
      "name": "CVE-2023-34969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
    },
    {
      "name": "CVE-2019-9517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
    },
    {
      "name": "CVE-2018-20834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
    },
    {
      "name": "CVE-2020-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
    },
    {
      "name": "CVE-2020-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
    },
    {
      "name": "CVE-2022-21592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2023-25690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
    },
    {
      "name": "CVE-2021-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2017-15010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
    },
    {
      "name": "CVE-2019-10092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
    },
    {
      "name": "CVE-2024-39541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
    },
    {
      "name": "CVE-2021-44224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
    },
    {
      "name": "CVE-2024-39537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
    },
    {
      "name": "CVE-2022-21444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
    },
    {
      "name": "CVE-2019-17567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
    },
    {
      "name": "CVE-2018-7408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
    },
    {
      "name": "CVE-2019-20149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
    },
    {
      "name": "CVE-2024-20932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2024-39551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2022-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
    },
    {
      "name": "CVE-2020-14145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2024-39565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
    },
    {
      "name": "CVE-2021-31618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
    },
    {
      "name": "CVE-2022-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2024-39549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
    },
    {
      "name": "CVE-2022-21367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
    },
    {
      "name": "CVE-2021-33193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
    },
    {
      "name": "CVE-2021-41773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
    },
    {
      "name": "CVE-2020-11668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
    },
    {
      "name": "CVE-2022-26377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2020-9490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
    },
    {
      "name": "CVE-2020-28502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
    },
    {
      "name": "CVE-2024-39556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
    },
    {
      "name": "CVE-2022-37436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
    },
    {
      "name": "CVE-2021-33033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
    },
    {
      "name": "CVE-2023-32439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2023-21912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
    },
    {
      "name": "CVE-2022-28330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
    },
    {
      "name": "CVE-2024-39542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
    },
    {
      "name": "CVE-2022-21454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
    },
    {
      "name": "CVE-2017-1000048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
    },
    {
      "name": "CVE-2022-21427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
    },
    {
      "name": "CVE-2021-40438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2021-2372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
    },
    {
      "name": "CVE-2022-21245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2019-10098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
    },
    {
      "name": "CVE-2024-39538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
    },
    {
      "name": "CVE-2022-28614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
    }
  ],
  "initial_release_date": "2024-07-12T00:00:00",
  "last_revision_date": "2024-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0575",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-12T00:00:00.000000"
    },
    {
      "description": "Correction d\u0027identifiants CVE erron\u00e9s",
      "revision_date": "2024-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
    },
    {
      "published_at": "2024-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
    }
  ]
}

GHSA-C2VP-Q2Q2-HM8M

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-04-04 01:41

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-10081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-15T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.",
  "id": "GHSA-c2vp-q2q2-hm8m",
  "modified": "2024-04-04T01:41:29Z",
  "published": "2022-05-24T16:53:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4509"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4113-1"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp;utm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K84341091?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190905-0003"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201909-04"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Aug/47"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-10081 (GCVE-0-2019-10081)

cve-2019-10081

Vulnerability from osv_almalinux

GSD-2019-10081

FKIE_CVE-2019-10081

CVE-2019-10081

CERTFR-2019-AVI-402

Solution

CERTFR-2024-AVI-0575

Solutions

GHSA-C2VP-Q2Q2-HM8M

Tags

Sightings

Nomenclature