Vulnerabilites related to EmbedThis - GoAhead
CVE-2024-3187 (GCVE-0-2024-3187)
Vulnerability from cvelistv5
Published
2024-10-17 07:34
Modified
2024-10-17 14:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:40:32.549079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:40:42.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GoAhead",
"repo": "https://www.embedthis.com/goahead/download.html",
"vendor": "EmbedThis",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions \u0026lt;= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent."
}
],
"value": "This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions \u003c= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T07:34:50.960Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3187"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is recommended to apply fixes introduced in version 6.0.1 of GoAhead and use the latest version available as base for building custom web servers."
}
],
"value": "It is recommended to apply fixes introduced in version 6.0.1 of GoAhead and use the latest version available as base for building custom web servers."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-3187",
"datePublished": "2024-10-17T07:34:50.960Z",
"dateReserved": "2024-04-02T13:02:32.106Z",
"dateUpdated": "2024-10-17T14:40:42.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15504 (GCVE-0-2018-15504)
Vulnerability from cvelistv5
Published
2018-08-18 00:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
},
{
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15504",
"datePublished": "2018-08-18T00:00:00",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19240 (GCVE-0-2019-19240)
Vulnerability from cvelistv5
Published
2019-11-22 18:46
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/289"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/releases/tag/v5.0.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-22T18:46:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/issues/290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/issues/289"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/releases/tag/v5.0.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/goahead/issues/290",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/issues/290"
},
{
"name": "https://github.com/embedthis/goahead/issues/289",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/issues/289"
},
{
"name": "https://github.com/embedthis/goahead/releases/tag/v5.0.1",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/releases/tag/v5.0.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19240",
"datePublished": "2019-11-22T18:46:04",
"dateReserved": "2019-11-22T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15505 (GCVE-0-2018-15505)
Vulnerability from cvelistv5
Published
2018-08-18 00:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted \"Host\" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing \u0027]\u0027 character in an IPv6 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15505",
"datePublished": "2018-08-18T00:00:00",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17562 (GCVE-0-2017-17562)
Vulnerability from cvelistv5
Published
2017-12-12 19:00
Modified
2025-07-30 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:32.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elttam/advisories/tree/master/CVE-2017-17562"
},
{
"name": "1040702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040702"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elttam.com.au/blog/goahead/"
},
{
"name": "43360",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43360/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/249"
},
{
"name": "43877",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43877/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-17562",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:55:58.575496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-17562"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:46:20.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-12-10T00:00:00+00:00",
"value": "CVE-2017-17562 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elttam/advisories/tree/master/CVE-2017-17562"
},
{
"name": "1040702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040702"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elttam.com.au/blog/goahead/"
},
{
"name": "43360",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43360/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/issues/249"
},
{
"name": "43877",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43877/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/elttam/advisories/tree/master/CVE-2017-17562",
"refsource": "MISC",
"url": "https://github.com/elttam/advisories/tree/master/CVE-2017-17562"
},
{
"name": "1040702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040702"
},
{
"name": "https://www.elttam.com.au/blog/goahead/",
"refsource": "MISC",
"url": "https://www.elttam.com.au/blog/goahead/"
},
{
"name": "43360",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43360/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"
},
{
"name": "https://github.com/embedthis/goahead/issues/249",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/issues/249"
},
{
"name": "43877",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43877/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17562",
"datePublished": "2017-12-12T19:00:00.000Z",
"dateReserved": "2017-12-12T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:46:20.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5097 (GCVE-0-2019-5097)
Vulnerability from cvelistv5
Published
2019-12-03 21:49
Modified
2024-08-04 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EmbedThis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EmbedThis GoAhead Web Server v5.0.1 EmbedThis GoAhead Web Server v4.1.1 EmbedThis GoAhead Web Server v3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:34:09",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EmbedThis",
"version": {
"version_data": [
{
"version_value": "EmbedThis GoAhead Web Server v5.0.1 EmbedThis GoAhead Web Server v4.1.1 EmbedThis GoAhead Web Server v3.6.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5097",
"datePublished": "2019-12-03T21:49:38",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42342 (GCVE-0-2021-42342)
Vulnerability from cvelistv5
Published
2021-10-14 05:08
Modified
2024-08-04 03:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T05:08:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/issues/305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/goahead/issues/305",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/issues/305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42342",
"datePublished": "2021-10-14T05:08:38",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5674 (GCVE-0-2017-5674)
Vulnerability from cvelistv5
Published
2017-03-13 06:14
Modified
2024-08-05 15:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cybereason.com/cve-ip-cameras/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP (\"GET system.ini HTTP/1.1\\n\\n\" - note the lack of \"/\" in the path field of the request) request that will disclose the configuration file with the login password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-13T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cybereason.com/cve-ip-cameras/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP (\"GET system.ini HTTP/1.1\\n\\n\" - note the lack of \"/\" in the path field of the request) request that will disclose the configuration file with the login password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/",
"refsource": "MISC",
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
},
{
"name": "https://www.cybereason.com/cve-ip-cameras/",
"refsource": "MISC",
"url": "https://www.cybereason.com/cve-ip-cameras/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5674",
"datePublished": "2017-03-13T06:14:00",
"dateReserved": "2017-01-31T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3186 (GCVE-0-2024-3186)
Vulnerability from cvelistv5
Published
2024-10-17 07:34
Modified
2024-10-17 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:41:17.067450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:41:27.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GoAhead",
"repo": "https://www.embedthis.com/goahead/download.html",
"vendor": "EmbedThis",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version \u0026lt;= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates."
}
],
"value": "CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version \u003c= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T07:34:37.433Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3186"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is recommended to apply fixes introduced in version 6.0.1 of GoAhead and use the latest version available as base for building custom web servers."
}
],
"value": "It is recommended to apply fixes introduced in version 6.0.1 of GoAhead and use the latest version available as base for building custom web servers."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-3186",
"datePublished": "2024-10-17T07:34:37.433Z",
"dateReserved": "2024-04-02T13:02:29.658Z",
"dateUpdated": "2024-10-17T14:41:27.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5096 (GCVE-0-2019-5096)
Vulnerability from cvelistv5
Published
2019-12-03 21:52
Modified
2024-08-04 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EmbedThis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EmbedThis GoAhead Web Server v5.0.1 EmbedThis GoAhead Web Server v4.1.1 EmbedThis GoAhead Web Server v3.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:34:08",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EmbedThis",
"version": {
"version_data": [
{
"version_value": "EmbedThis GoAhead Web Server v5.0.1 EmbedThis GoAhead Web Server v4.1.1 EmbedThis GoAhead Web Server v3.6.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5096",
"datePublished": "2019-12-03T21:52:15",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:55.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9707 (GCVE-0-2014-9707)
Vulnerability from cvelistv5
Published
2015-03-31 14:00
Modified
2024-08-06 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:05.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/106"
},
{
"name": "20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html"
},
{
"name": "1032208",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032208"
},
{
"name": "20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535027/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/embedthis/goahead/issues/106"
},
{
"name": "20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html"
},
{
"name": "1032208",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032208"
},
{
"name": "20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535027/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/goahead/issues/106",
"refsource": "CONFIRM",
"url": "https://github.com/embedthis/goahead/issues/106"
},
{
"name": "20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/157"
},
{
"name": "https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77",
"refsource": "CONFIRM",
"url": "https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77"
},
{
"name": "http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html"
},
{
"name": "1032208",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032208"
},
{
"name": "20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535027/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9707",
"datePublished": "2015-03-31T14:00:00",
"dateReserved": "2015-03-23T00:00:00",
"dateUpdated": "2024-08-06T13:55:05.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14149 (GCVE-0-2017-14149)
Vulnerability from cvelistv5
Published
2017-09-05 07:00
Modified
2024-09-16 18:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shadow4u/goaheaddebug/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a \"POST / HTTP/1.1\" request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-05T07:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shadow4u/goaheaddebug/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a \"POST / HTTP/1.1\" request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/shadow4u/goaheaddebug/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/shadow4u/goaheaddebug/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14149",
"datePublished": "2017-09-05T07:00:00Z",
"dateReserved": "2017-09-05T00:00:00Z",
"dateUpdated": "2024-09-16T18:55:35.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3184 (GCVE-0-2024-3184)
Vulnerability from cvelistv5
Published
2024-10-17 07:32
Modified
2024-10-17 14:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:42:03.408687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:42:12.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GoAhead",
"repo": "https://www.embedthis.com/goahead/download.html",
"vendor": "EmbedThis",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS)."
}
],
"value": "Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T07:32:18.369Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3184"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is recommended to apply fixes introduced in version 6.0.1 of GoAhead and use the latest version available as base for building custom web servers."
}
],
"value": "It is recommended to apply fixes introduced in version 6.0.1 of GoAhead and use the latest version available as base for building custom web servers."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-3184",
"datePublished": "2024-10-17T07:32:18.369Z",
"dateReserved": "2024-04-02T10:32:53.912Z",
"dateUpdated": "2024-10-17T14:42:12.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53155 (GCVE-0-2023-53155)
Vulnerability from cvelistv5
Published
2025-07-25 00:00
Modified
2025-07-29 13:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:54:07.720388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:54:12.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GoAhead",
"vendor": "EmbedThis",
"versions": [
{
"status": "affected",
"version": "2.5",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5",
"versionStartIncluding": "2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T16:32:44.863Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51762"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-53155",
"datePublished": "2025-07-25T00:00:00.000Z",
"dateReserved": "2025-07-25T00:00:00.000Z",
"dateUpdated": "2025-07-29T13:54:12.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41615 (GCVE-0-2021-41615)
Vulnerability from cvelistv5
Published
2022-08-08 18:26
Modified
2024-08-04 03:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T18:26:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca",
"refsource": "MISC",
"url": "https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca"
},
{
"name": "https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true",
"refsource": "MISC",
"url": "https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41615",
"datePublished": "2022-08-08T18:26:11",
"dateReserved": "2021-09-25T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16645 (GCVE-0-2019-16645)
Vulnerability from cvelistv5
Published
2019-09-20 18:24
Modified
2024-08-05 01:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:41.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-01T22:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection",
"refsource": "MISC",
"url": "https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection"
},
{
"name": "http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16645",
"datePublished": "2019-09-20T18:24:15",
"dateReserved": "2019-09-20T00:00:00",
"dateUpdated": "2024-08-05T01:17:41.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15688 (GCVE-0-2020-15688)
Vulnerability from cvelistv5
Published
2020-07-23 12:32
Modified
2024-08-04 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-07T17:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/goahead-gpl/issues/3",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"name": "https://github.com/embedthis/goahead-gpl/issues/3",
"refsource": "CONFIRM",
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"name": "http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15688",
"datePublished": "2020-07-23T12:32:37",
"dateReserved": "2020-07-13T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43298 (GCVE-0-2021-43298)
Vulnerability from cvelistv5
Published
2022-01-25 19:11
Modified
2024-08-04 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "goahead",
"vendor": "embedthis",
"versions": [
{
"lessThan": "5.1.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The code that performs password matching when using \u0027Basic\u0027 HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver\u0027s response time until the unauthorized (401) response."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T19:11:17",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/issues/304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-43298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "goahead",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "5.1.4"
}
]
}
}
]
},
"vendor_name": "embedthis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The code that performs password matching when using \u0027Basic\u0027 HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver\u0027s response time until the unauthorized (401) response."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/goahead/issues/304",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/issues/304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-43298",
"datePublished": "2022-01-25T19:11:17",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000471 (GCVE-0-2017-1000471)
Vulnerability from cvelistv5
Published
2018-01-03 20:00
Modified
2024-09-16 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/pull/258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/pull/258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000471",
"REQUESTER": "rwightman@dragos.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/goahead/pull/258",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/pull/258"
},
{
"name": "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000471",
"datePublished": "2018-01-03T20:00:00Z",
"dateReserved": "2018-01-03T00:00:00Z",
"dateUpdated": "2024-09-16T18:12:44.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12822 (GCVE-0-2019-12822)
Vulnerability from cvelistv5
Published
2019-06-14 13:06
Modified
2024-08-04 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/compare/5349710...579f21f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-14T13:06:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/issues/285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/goahead/compare/5349710...579f21f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/goahead/issues/285",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/issues/285"
},
{
"name": "https://github.com/embedthis/goahead/compare/5349710...579f21f",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/compare/5349710...579f21f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12822",
"datePublished": "2019-06-14T13:06:56",
"dateReserved": "2019-06-14T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5675 (GCVE-0-2017-5675)
Vulnerability from cvelistv5
Published
2017-03-13 06:14
Modified
2024-08-05 15:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cybereason.com/cve-ip-cameras/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-13T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cybereason.com/cve-ip-cameras/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/",
"refsource": "MISC",
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
},
{
"name": "https://www.cybereason.com/cve-ip-cameras/",
"refsource": "MISC",
"url": "https://www.cybereason.com/cve-ip-cameras/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5675",
"datePublished": "2017-03-13T06:14:00",
"dateReserved": "2017-01-31T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-07-23 13:15
Modified
2024-11-21 05:06
Severity ?
Summary
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/embedthis/goahead-gpl/issues/3 | Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead-gpl/issues/3 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead-gpl/issues/3 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead-gpl/issues/3 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D376801-99A2-499C-81A0-BE19120B78BF",
"versionEndExcluding": "5.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n de HTTP Digest en el servidor web de GoAhead versiones anteriores a 5.1.2 no protege completamente contra los ataques de repetici\u00f3n. Esto permite a un atacante remoto no autenticado eludir la autenticaci\u00f3n a trav\u00e9s de la captura-reproducci\u00f3n si no se utiliza el TLS para proteger el canal de comunicaci\u00f3n subyacente"
}
],
"id": "CVE-2020-15688",
"lastModified": "2024-11-21T05:06:01.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-23T13:15:10.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead-gpl/issues/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-31 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html | Exploit | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2015/Mar/157 | Exploit | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/535027/100/0/threaded | ||
| cve@mitre.org | http://www.securitytracker.com/id/1032208 | ||
| cve@mitre.org | https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77 | ||
| cve@mitre.org | https://github.com/embedthis/goahead/issues/106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2015/Mar/157 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/535027/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032208 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/106 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45742C8A-B721-45C2-9FE0-7BA644DDB3D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAE51A5-4B89-480D-BD78-30404A55F8C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "520C250B-98A1-46F9-8088-CB13D958B482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76ED896A-F0BD-479B-8BDA-CDE44CA4A8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F34E5498-3073-4251-B167-6CE8695502C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "182F9C41-2DD0-475A-B49B-1B38AE5DF626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B18FF36-6934-4B80-9437-B202FDE9A55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26DE3222-0FA8-49DE-8E94-AB3BC8816F9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI."
},
{
"lang": "es",
"value": "EmbedThis GoAhead 3.0.0 hasta 3.4.1 no maneja correctamente los segmentos de rutas que comienzan con un . (punto), lo que permite a atacantes remotos realizar ataques de salto de directorio, causar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica y ca\u00edda), o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una URI manipulada."
}
],
"id": "CVE-2014-9707",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-31T14:59:06.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/157"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535027/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032208"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/embedthis/goahead/issues/106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535027/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/embedthis/goahead/issues/106"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-13 06:59
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cybereason.com/cve-ip-cameras/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cybereason.com/cve-ip-cameras/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/ | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB4FC40-2D26-4B0D-8F58-4C6AC92F1C96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP (\"GET system.ini HTTP/1.1\\n\\n\" - note the lack of \"/\" in the path field of the request) request that will disclose the configuration file with the login password."
},
{
"lang": "es",
"value": "Una vulnerabilidad en un servidor web GoAhead personalizado que se utiliza en Foscam, Vstarcam y m\u00faltiples modelos de c\u00e1mara IP de marca blanca permite a un atacante crear una solicitud HTTP malformada (\"GET system.ini HTTP/1.1\\n\\n\" - note the lack of \"/\" en el campo de la ruta de la solicitud) que revelar\u00e1 el archivo de configuraci\u00f3n con la contrase\u00f1a de inicio de sesi\u00f3n."
}
],
"id": "CVE-2017-5674",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-13T06:59:00.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cybereason.com/cve-ip-cameras/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cybereason.com/cve-ip-cameras/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-20 19:15
Modified
2024-11-21 04:30
Severity ?
Summary
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html | ||
| cve@mitre.org | https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7152D790-62CF-4591-A20A-87A9CBD23A6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Embedthis GoAhead versi\u00f3n 2.5.0. Ciertas p\u00e1ginas (tales como goform/login y config/log_off_page.htm) crean enlaces que contienen un nombre del host obtenido desde un encabezado de Host HTTP arbitrario enviado por parte de un atacante. Esto podr\u00eda ser usado potencialmente en un ataque de phishing."
}
],
"id": "CVE-2019-16645",
"lastModified": "2024-11-21T04:30:52.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-20T19:15:11.860",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-03 22:15
Modified
2024-11-21 04:44
Severity ?
Summary
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81A1B366-C737-43F7-A391-C28C434026C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957445DB-98D7-4223-8841-A4F364E02B37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5512FFAE-3A29-4E57-AF71-04C9A064711B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo explotable en el procesamiento de peticiones de datos de formulario multiparte dentro de la aplicaci\u00f3n base del servidor web GoAhead en versiones v5.0.1, v.4.1.1 y v3.6.5. Una petici\u00f3n HTTP especialmente dise\u00f1ada puede generar una condici\u00f3n de uso de la memoria previamente liberada del procesamiento de esta petici\u00f3n que puede ser utilizada para corromper las estructuras de la pila lo que podr\u00edan conllevar a una ejecuci\u00f3n completa del c\u00f3digo. La petici\u00f3n puede no ser autenticada en la forma de peticiones GET o POST, y no requiere que el recurso solicitado exista en el servidor."
}
],
"id": "CVE-2019-5096",
"lastModified": "2024-11-21T04:44:20.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T22:15:14.823",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-03 20:29
Modified
2024-11-21 03:04
Severity ?
Summary
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead/pull/258 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/pull/258 | Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A44EBE0-D62A-445A-8D02-7CDBDFB70B85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service."
},
{
"lang": "es",
"value": "EmbedThis GoAhead Webserver, versi\u00f3n 4.0.0, es vulnerable a una desreferencia de puntero NULL en el manipulador CGI. Esto resulta en una corrupci\u00f3n de memoria o denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-1000471",
"lastModified": "2024-11-21T03:04:48.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-03T20:29:00.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/pull/258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/pull/258"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-18 03:29
Modified
2024-11-21 03:50
Severity ?
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/appweb/issues/605 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead/issues/264 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server | Third Party Advisory | |
| cve@mitre.org | https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/appweb/issues/605 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/264 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| embedthis | appweb | * | |
| embedthis | goahead | * | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | srx100 | - | |
| juniper | srx110 | - | |
| juniper | srx1400 | - | |
| juniper | srx1500 | - | |
| juniper | srx210 | - | |
| juniper | srx220 | - | |
| juniper | srx240 | - | |
| juniper | srx240h2 | - | |
| juniper | srx240m | - | |
| juniper | srx300 | - | |
| juniper | srx320 | - | |
| juniper | srx340 | - | |
| juniper | srx3400 | - | |
| juniper | srx345 | - | |
| juniper | srx3600 | - | |
| juniper | srx380 | - | |
| juniper | srx4000 | - | |
| juniper | srx4100 | - | |
| juniper | srx4200 | - | |
| juniper | srx4600 | - | |
| juniper | srx5000 | - | |
| juniper | srx5400 | - | |
| juniper | srx550 | - | |
| juniper | srx550_hm | - | |
| juniper | srx550m | - | |
| juniper | srx5600 | - | |
| juniper | srx5800 | - | |
| juniper | srx650 | - | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | ex2200 | - | |
| juniper | ex2200-c | - | |
| juniper | ex2200-vc | - | |
| juniper | ex2300 | - | |
| juniper | ex2300-24mp | - | |
| juniper | ex2300-24p | - | |
| juniper | ex2300-24t | - | |
| juniper | ex2300-48mp | - | |
| juniper | ex2300-48p | - | |
| juniper | ex2300-48t | - | |
| juniper | ex2300-c | - | |
| juniper | ex2300m | - | |
| juniper | ex3200 | - | |
| juniper | ex3300 | - | |
| juniper | ex3300-vc | - | |
| juniper | ex3400 | - | |
| juniper | ex4200 | - | |
| juniper | ex4200-vc | - | |
| juniper | ex4300 | - | |
| juniper | ex4300-24p | - | |
| juniper | ex4300-24p-s | - | |
| juniper | ex4300-24t | - | |
| juniper | ex4300-24t-s | - | |
| juniper | ex4300-32f | - | |
| juniper | ex4300-32f-dc | - | |
| juniper | ex4300-32f-s | - | |
| juniper | ex4300-48mp | - | |
| juniper | ex4300-48mp-s | - | |
| juniper | ex4300-48p | - | |
| juniper | ex4300-48p-s | - | |
| juniper | ex4300-48t | - | |
| juniper | ex4300-48t-afi | - | |
| juniper | ex4300-48t-dc | - | |
| juniper | ex4300-48t-dc-afi | - | |
| juniper | ex4300-48t-s | - | |
| juniper | ex4300-48tafi | - | |
| juniper | ex4300-48tdc | - | |
| juniper | ex4300-48tdc-afi | - | |
| juniper | ex4300-mp | - | |
| juniper | ex4300-vc | - | |
| juniper | ex4300m | - | |
| juniper | ex4400 | - | |
| juniper | ex4500 | - | |
| juniper | ex4500-vc | - | |
| juniper | ex4550 | - | |
| juniper | ex4550-vc | - | |
| juniper | ex4550\/vc | - | |
| juniper | ex4600 | - | |
| juniper | ex4600-vc | - | |
| juniper | ex4650 | - | |
| juniper | ex6200 | - | |
| juniper | ex6210 | - | |
| juniper | ex8200 | - | |
| juniper | ex8200-vc | - | |
| juniper | ex8208 | - | |
| juniper | ex8216 | - | |
| juniper | ex9200 | - | |
| juniper | ex9204 | - | |
| juniper | ex9208 | - | |
| juniper | ex9214 | - | |
| juniper | ex9250 | - | |
| juniper | ex9251 | - | |
| juniper | ex9253 | - | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | mx | - | |
| juniper | mx10 | - | |
| juniper | mx10000 | - | |
| juniper | mx10003 | - | |
| juniper | mx10008 | - | |
| juniper | mx10016 | - | |
| juniper | mx104 | - | |
| juniper | mx150 | - | |
| juniper | mx2008 | - | |
| juniper | mx2010 | - | |
| juniper | mx2020 | - | |
| juniper | mx204 | - | |
| juniper | mx240 | - | |
| juniper | mx40 | - | |
| juniper | mx480 | - | |
| juniper | mx5 | - | |
| juniper | mx80 | - | |
| juniper | mx960 | - | |
| juniper | ptx1000 | - | |
| juniper | ptx1000-72q | - | |
| juniper | ptx10000 | - | |
| juniper | ptx10001 | - | |
| juniper | ptx10001-36mr | - | |
| juniper | ptx100016 | - | |
| juniper | ptx10002 | - | |
| juniper | ptx10002-60c | - | |
| juniper | ptx10003 | - | |
| juniper | ptx10003_160c | - | |
| juniper | ptx10003_80c | - | |
| juniper | ptx10003_81cd | - | |
| juniper | ptx10004 | - | |
| juniper | ptx10008 | - | |
| juniper | ptx10016 | - | |
| juniper | ptx3000 | - | |
| juniper | ptx5000 | - | |
| juniper | t1600 | - | |
| juniper | t320 | - | |
| juniper | t4000 | - | |
| juniper | t640 | - | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | ex2300 | - | |
| juniper | ex3400 | - | |
| juniper | qfx10000 | - | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.2 | |
| juniper | junos | 18.3 | |
| juniper | junos | 18.3 | |
| juniper | junos | 18.3 | |
| juniper | junos | 18.3 | |
| juniper | junos | 18.4 | |
| juniper | junos | 18.4 | |
| juniper | junos | 18.4 | |
| juniper | junos | 18.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:appweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB807B3-7212-47D3-AB21-DCCE3007B3A5",
"versionEndExcluding": "7.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90C10C04-AC2A-433C-B01B-AD587648FE63",
"versionEndExcluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*",
"matchCriteriaId": "92F31F7F-02E0-4E63-A600-DF8AB4E3BAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
"matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
"matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
"matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
"matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
"matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*",
"matchCriteriaId": "50E7FD07-A309-48EC-A520-C7F0FA35865C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*",
"matchCriteriaId": "F868948A-04D7-473B-971F-721302653633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*",
"matchCriteriaId": "830A9EBA-88F1-4277-B98F-75AC52A60824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*",
"matchCriteriaId": "BFA2ADAB-E486-4DBB-8B84-CC095D102278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:*",
"matchCriteriaId": "9ACD0C03-ACD9-4D47-B3EE-1D8753FF5A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d60:*:*:*:*:*:*",
"matchCriteriaId": "0DD32D8A-7531-4691-B45D-9EACC69A23D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d65:*:*:*:*:*:*",
"matchCriteriaId": "76DFA52F-5B2E-47DA-9A8E-7D17A7413929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d66:*:*:*:*:*:*",
"matchCriteriaId": "4D363E73-ABC4-4E9F-9E7B-86087D3A3F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d67:*:*:*:*:*:*",
"matchCriteriaId": "A7502F95-BADC-432A-B7BE-8E9931FA1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d70:*:*:*:*:*:*",
"matchCriteriaId": "9451CD3F-BF4E-4BBC-AD00-660BE2B313C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d71:*:*:*:*:*:*",
"matchCriteriaId": "C63E8B17-250D-4D74-9A1F-2F3577D9A071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d72:*:*:*:*:*:*",
"matchCriteriaId": "801AB7D7-3407-4F8B-83C4-CC16076DB0E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d73:*:*:*:*:*:*",
"matchCriteriaId": "FA4104D4-3FA2-4936-ACBD-06B0BD0B9E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d76:*:*:*:*:*:*",
"matchCriteriaId": "090BB276-C169-4A41-B03D-0EC40D20E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d77:*:*:*:*:*:*",
"matchCriteriaId": "51732A2B-52E2-4356-8409-5CB6D79F23DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*",
"matchCriteriaId": "AC1FED64-8725-4978-9EBF-E3CD8EF338E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
"matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*",
"matchCriteriaId": "A4AC2E1E-74FB-4DA3-8292-B2079F83FF54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*",
"matchCriteriaId": "5FF83BD0-3B28-481E-8C8F-09ECDA493DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*",
"matchCriteriaId": "6E296274-AFC1-4F56-A4B3-827C2E0BC9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*",
"matchCriteriaId": "3C82799B-BD25-4359-9E3D-4D7CA7367525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d35:*:*:*:*:*:*",
"matchCriteriaId": "094485FF-960C-4533-A2AF-6C4D420D260D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d40:*:*:*:*:*:*",
"matchCriteriaId": "F8BE3661-1DE5-4F57-9384-68C1B34F6812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d45:*:*:*:*:*:*",
"matchCriteriaId": "B45E8A14-E7F4-41EB-9BFA-7A19E35D11FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d50:*:*:*:*:*:*",
"matchCriteriaId": "C6C694C6-C58C-4513-91E8-6CC22A2386E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d51:*:*:*:*:*:*",
"matchCriteriaId": "64A0CCD4-91BA-440E-A14C-48E67D1F03A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d55:*:*:*:*:*:*",
"matchCriteriaId": "6B65EF51-ED97-4973-94C4-8F66C553F190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d60:*:*:*:*:*:*",
"matchCriteriaId": "9EE7C08A-2A4B-4A84-AD95-A890913E2EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d65:*:*:*:*:*:*",
"matchCriteriaId": "44C61900-680C-4C74-8B96-ACC93FE9465E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d66:*:*:*:*:*:*",
"matchCriteriaId": "6A793CCD-397E-45DA-9349-D01C69AB96D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d70:*:*:*:*:*:*",
"matchCriteriaId": "B6C38637-ABE0-419A-A053-CBE076766551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d75:*:*:*:*:*:*",
"matchCriteriaId": "1F87EF0D-E609-4D4A-B228-CEF05C753E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*",
"matchCriteriaId": "27A6BF09-ABBF-4126-ADD6-B174937F8554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*",
"matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d100:*:*:*:*:*:*",
"matchCriteriaId": "856A5668-FA4F-44E9-A3F0-BE4979F631E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d110:*:*:*:*:*:*",
"matchCriteriaId": "F3B2DA4D-5E5D-4E09-BE4D-5B3371703D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d120:*:*:*:*:*:*",
"matchCriteriaId": "FA2459ED-DFA5-4701-AF92-C2928C3BD64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d130:*:*:*:*:*:*",
"matchCriteriaId": "8830C4BC-2B3D-4CCF-A37E-79C2D46159BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d131:*:*:*:*:*:*",
"matchCriteriaId": "40D42ACF-860C-4B47-8E25-7DEC30FB8064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d140:*:*:*:*:*:*",
"matchCriteriaId": "C808E08F-1992-43DD-A106-E920DC784831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d15:*:*:*:*:*:*",
"matchCriteriaId": "C8C94365-988C-4A14-8E49-846152FDC666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d150:*:*:*:*:*:*",
"matchCriteriaId": "E288F54B-AEA3-412F-85A4-EBDFE74DB84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d160:*:*:*:*:*:*",
"matchCriteriaId": "02AAC05C-1C4B-4F35-A286-52D20DFD6212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d170:*:*:*:*:*:*",
"matchCriteriaId": "080422D3-B508-4049-B558-4B04BF2E8AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*",
"matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d25:*:*:*:*:*:*",
"matchCriteriaId": "6825F6BA-B48F-4E02-938F-6B297E21BA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*",
"matchCriteriaId": "0E5FAA97-171F-4DB9-B78E-6E1A5F34336A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d35:*:*:*:*:*:*",
"matchCriteriaId": "870244F3-1C05-4F10-A205-5189BB860F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d40:*:*:*:*:*:*",
"matchCriteriaId": "235EE40B-AA15-4F39-8087-A051F4F70995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d45:*:*:*:*:*:*",
"matchCriteriaId": "17330544-3AFC-463E-A146-2840A8AE17D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d50:*:*:*:*:*:*",
"matchCriteriaId": "8ABA301F-7866-42A5-8391-E07BEAFF06FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d55:*:*:*:*:*:*",
"matchCriteriaId": "884E4A85-ED42-4391-9FDD-9052F957743A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d60:*:*:*:*:*:*",
"matchCriteriaId": "1901864B-688B-4352-A587-4B96B4E49FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d65:*:*:*:*:*:*",
"matchCriteriaId": "78F53FBF-C6D8-4AE5-87EC-9D9F88DCEFB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d70:*:*:*:*:*:*",
"matchCriteriaId": "1B6670FB-9F5A-469B-97F2-074C28572065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d75:*:*:*:*:*:*",
"matchCriteriaId": "71198992-83AA-4E28-BA7D-A3C1897B5E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d80:*:*:*:*:*:*",
"matchCriteriaId": "4323D874-C317-4D76-8E2D-C82376D84CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d90:*:*:*:*:*:*",
"matchCriteriaId": "F56067DA-EBA9-481A-B60B-52148584EFBD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E020556B-693F-4963-BA43-3164AB50FA49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0D31FF-0812-42B8-B25E-03C35EC1B021",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A03463-6B1D-4DBA-9E89-CAD5E899B98B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABA347C-3EF3-4F75-B4D1-54590A57C2BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06685D0E-A075-49A5-9EF4-34F0F795C8C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52F0B735-8C49-4B08-950A-296C9CDE43CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*",
"matchCriteriaId": "223C12D0-61A0-4C12-8AFC-A0CB64759A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "371A7DF8-3F4B-439D-8990-D1BC6F0C25C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*",
"matchCriteriaId": "661B4C1E-DB85-4EB0-B26F-F6496CEF0AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:*",
"matchCriteriaId": "F7C33DE7-4947-41D1-8DDF-DC7C9541414E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12D5D63-479D-4B27-8179-3B8985DB51F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*",
"matchCriteriaId": "F0DD051A-E486-4A9D-A978-A5A980AAF237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*",
"matchCriteriaId": "D4ED9ACC-B6BA-4128-8934-759BB9EC904F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:*",
"matchCriteriaId": "FC4D8EE5-E93F-4F50-9D31-CD5A69531962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:*",
"matchCriteriaId": "B63EF1C6-C859-4EFA-81BE-1E5AD3364B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:*",
"matchCriteriaId": "B786F950-0E07-4ADC-B988-917994FE99CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s12:*:*:*:*:*:*",
"matchCriteriaId": "2F703D05-C7A4-4EBF-A2FB-8AFE8E13DCDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s3:*:*:*:*:*:*",
"matchCriteriaId": "99C8DC55-60AF-44D0-86C1-1F90C5DB0235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s4:*:*:*:*:*:*",
"matchCriteriaId": "D23CEC9A-BF5F-489C-8CA7-1946238E20D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s6:*:*:*:*:*:*",
"matchCriteriaId": "0010CCA3-6A76-4C18-82C4-BF44FECA4B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s8:*:*:*:*:*:*",
"matchCriteriaId": "4D353E7F-F773-4502-B4EE-E73BA2DE1BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r13:*:*:*:*:*:*",
"matchCriteriaId": "E69DD769-0C8F-4DCE-9F65-411A8CB85322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "7CC3BCFD-2B0F-4994-9FE4-9D37FA85F1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "C6F309FD-0A5A-4C86-B227-B2B511A5CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "960059B5-0701-4B75-AB51-0A430247D9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*",
"matchCriteriaId": "1D1DCA52-DA81-495B-B516-5571F01E3B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*",
"matchCriteriaId": "05E187F6-BACD-4DD5-B393-B2FE4349053A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*",
"matchCriteriaId": "3C240840-A6BC-4E3D-A60D-22F08E67E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r8:*:*:*:*:*:*",
"matchCriteriaId": "CC90563F-6BCB-4D77-8FD4-584E3A6C7741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r9:*:*:*:*:*:*",
"matchCriteriaId": "5AD03BA7-D9EC-420F-97C4-383F79D6873F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:ex2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D4F71-8476-4F0D-A976-A308D6483D6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2200-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD5636-93D5-4C06-964F-00055DF6B2B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2200-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D066A90D-F7F2-4EA5-8F0C-D0E189DDB05D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-24mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0D9C0-34D3-430F-ABFA-B68010A8825D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E04B126-F290-4242-BB80-5F573D623E6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-24t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "671D9977-7657-48C7-A07C-4AED54380A86",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-48mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E100C3C-070D-4132-927F-756538B91491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2032E7DD-96FD-48B7-922C-5FE04675796C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-48t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D907D6A-B7C4-4A10-AA58-0F908575A435",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979C3597-C53B-4F4B-9EA7-126DA036C86D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A536DA-5A57-4255-AB22-F99F8B7FF62A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7A20FC-A19F-4881-A0E8-C440E9FE60D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC326549-217D-4194-8310-AB398D6FF3F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3300-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32B9B26-8BF0-4C56-A9BF-D9BBAEA50506",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53269C69-3D1E-4F05-8EF6-81743D7A699E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4200-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F54ADF-7C13-4AA6-B61E-627D4DBB1CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEA4BC3-093F-4DE6-BED1-2C7D2FC2C8A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-24p-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592377CC-4044-4FDD-A3DF-CBF25754EE4D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-24t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D12E8275-EF6B-44F9-A7D8-A769CDB5EED5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-24t-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E63215-246E-49F3-A537-8A90D512DAB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-32f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1A5E69-928A-41A0-8B9B-91F307D99854",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-32f-dc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B71953D-016D-4E72-B598-55667A507681",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-32f-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CABBC37B-EB93-424D-A1E7-4686039C0955",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24526B69-E3E3-4249-80A4-A886BED5C07E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48mp-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2209605-65B6-44B3-9700-9EC543BF2408",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C348CF-65C1-4A53-8F4F-99B5A4113679",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48p-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60CB5F91-DC40-4D09-BB93-4539B8581877",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE8EB69-95DD-44E9-80A6-F2B5E34BBD5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t-afi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEDB14F-E74A-4C48-A969-1D22D7F7C7C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t-dc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE3866E-109E-479F-9FFE-3F6E81C0DE7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A17D793-5F01-4818-956D-D6BC5A6C4CEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4C3E8E-C8B4-42A5-8DB6-7E8114FCC030",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48tafi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77AF34EC-A154-4042-BE0B-B2BA9EEDEE93",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48tdc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD3D9F-B49C-48EC-8AE1-FE3B399809DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48tdc-afi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10DC1840-7409-4BD0-9522-B55B1166CF9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EECCB3-37B3-4146-8F8C-4BBFF84499E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303ADB06-5CB5-44DA-8387-39FACC539EF0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F07B0E0B-D2F2-4CF1-A8EA-A1E8DE83BBB4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEE8AE4-B393-442C-AD68-4AC43E76A8F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4500-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D842407-7A13-47C7-BBC9-FB0E978221CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E98077-92AF-4E3E-96F0-2E6F9D6343D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4550-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B84C72A-C314-46FB-8DD8-1DF29C6C4B0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4550\\/vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3612D798-7A5F-4068-A5A2-92173893450E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4600-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ECB975-D1A0-4318-9C5E-752A3C98F76F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CC1C89-B37F-4C5F-9F79-12997C79711D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex6210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71FF88C7-89CB-4E04-BADA-AD64F8060C6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex8200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFE829C-325D-4E66-A6A2-A81BE8BCAB72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex8200-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B12A6-1CE2-4293-ABA5-E3F23E15485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex8208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72E67A5A-0DFF-42D9-81A7-570E9BCA463D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex8216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B51C5371-51E9-40AE-8619-BC1267DD1D08",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D08A8D94-134A-41E7-8396-70D8B0735E9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86E82CE3-F43D-4B29-A64D-B14ADB6CC357",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C0199E-B9F0-41D3-B625-083990517CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8790B456-DFC7-4E82-9A0C-C89787139B79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCB1E61-07A1-40B0-B616-F1A6E06D11C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9251:-:*:*:*:*:*:*:*",
"matchCriteriaId": "079290E9-DCC5-43F7-9480-64874DBF2696",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9253:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA71434-CCBF-4A55-8B30-D213A43E8641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "285CD1E5-C6D3-470A-8556-653AFF74D0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*",
"matchCriteriaId": "83AB8877-3DC0-4B8C-B864-1BF18C368337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f:*:*:*:*:*:*",
"matchCriteriaId": "D80CABB3-9A32-4FBC-AB8E-435BA85CFA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*",
"matchCriteriaId": "C56F5C48-BA48-4EE1-88BE-782B3CFB3B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*",
"matchCriteriaId": "1C56E6C3-BBB6-4853-91D9-99C7676D0CD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AC196685-3B0C-4754-AE6A-6BE456CC6B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F0146AA9-C513-4871-A62A-52C9F40EB958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A18672EF-E33D-4ACE-BB0A-561812F502C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*",
"matchCriteriaId": "CEF0E75F-831E-40B8-926D-B2E92A84E31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*",
"matchCriteriaId": "0E0ECBD8-3D66-49DA-A557-5695159F0C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*",
"matchCriteriaId": "0EAA2998-A0D6-4818-9E7C-25E8099403E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*",
"matchCriteriaId": "2D4ADFC5-D4B8-4A68-95D8-8ADF92C1CFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f5-s7:*:*:*:*:*:*",
"matchCriteriaId": "BFF0C559-EC2F-4FEE-B012-E9127A68FD4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*",
"matchCriteriaId": "71D211B9-B2FE-4324-AAEE-8825D5238E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3A11C-4CAA-4DDB-AD20-6C7EFA368CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s10:*:*:*:*:*:*",
"matchCriteriaId": "4D9134BF-7289-4503-A9C5-977C4CDCD108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s12:*:*:*:*:*:*",
"matchCriteriaId": "2698D906-6D9D-429C-9ECC-46FF2334C637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s2:*:*:*:*:*:*",
"matchCriteriaId": "6126279A-8509-4CA1-BFB3-E76F701F5031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s3:*:*:*:*:*:*",
"matchCriteriaId": "CA0D028E-0B07-4CB2-863A-527806B9917C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s4:*:*:*:*:*:*",
"matchCriteriaId": "846582E4-05A0-4AD9-B78B-1707A09DAA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s5:*:*:*:*:*:*",
"matchCriteriaId": "E43A39D8-3BD4-41CD-A8A3-2BFF8D340BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s6:*:*:*:*:*:*",
"matchCriteriaId": "DECD665D-2CA4-4CB2-B77D-9230B102B339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s7:*:*:*:*:*:*",
"matchCriteriaId": "85B83ED7-EE50-4F06-A386-B0A4FC7263DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s8:*:*:*:*:*:*",
"matchCriteriaId": "64F1FD18-AAD2-48DD-8F23-55D65D34FCE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s9:*:*:*:*:*:*",
"matchCriteriaId": "B02FED8D-A554-4039-9F0A-C7EEFC640317",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72952BFC-45B9-4379-8D9A-A10132CC34EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52699E2B-450A-431C-81E3-DC4483C8B4F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97AF6F8-3D50-4D35-BCB1-54E3BEC69B9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C39DA74D-F5C7-4C11-857D-50631A110644",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F72C850A-0530-4DB7-A553-7E19F82122B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE2089C-F341-4DC1-B76D-633BC699306D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B557965-0040-4048-B56C-F564FF28635B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB875EBD-A3CD-4466-B2A3-39D47FF94592",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6DF99D-E438-4943-BC32-F2821E72AE0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx1000-72q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B219F54A-4474-48CB-80F1-D988A719C3DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "249F6266-4ED6-4464-9347-9322E1481D0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDCCB33-D428-4D64-977E-71C62F89AE5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10001-36mr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C188428C-0558-44FB-845C-E885DE9A0733",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx100016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37F94757-34CE-4F88-A6D3-544FE6A476D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82B22AC2-B794-4F12-9EB3-9AA6E4B19831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10002-60c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5462DF-5CF1-4DF9-989B-622EA734964F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD05415-9F94-4EB8-805A-C9C0FFA9D0DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10003_160c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1E88A41-B158-4A66-9DFD-438931C6BE68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10003_80c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C97FFB5-8755-474B-ABCF-98DC7659208E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10003_81cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAECB1BF-0F3A-4AD9-AF6B-E54A13D9D804",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C432E543-37F5-4CA0-B239-2B97C6A16907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A64A26-4606-4D33-8958-5A3B7FFC4CDB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1879799F-18B2-4958-AA90-FD19348C889F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "516476F9-7D4C-494F-99AA-750F4467CD15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654140A0-FEC0-4DB4-83BF-ECCB000DFA4D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:t1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6E6B57-BFF3-4AD2-979A-B2C4FD9F138E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:t320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F913-266E-44CB-BFA3-85AC9D55FF1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:t4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B57FF1-D4F8-4E28-95A7-2D29DF65D825",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:t640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12CCEFE5-F37B-482D-8670-DA40EFBB7E42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*",
"matchCriteriaId": "B71FB14A-67D4-4EDD-BB32-07764F5AFA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:-:*:*:*:*:*:*",
"matchCriteriaId": "C9511DD0-D910-4C29-B0E3-8F9D0531F09C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d10:*:*:*:*:*:*",
"matchCriteriaId": "6E87C765-8D68-404A-AC71-3F22A7260E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
"matchCriteriaId": "1E3B807C-196D-42B8-9042-7582A1366772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
"matchCriteriaId": "83FEEE8F-9279-46F2-BAF9-A60537020C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*",
"matchCriteriaId": "BBD36C0D-0F44-4349-968D-4CD60F281D84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d230:*:*:*:*:*:*",
"matchCriteriaId": "3E364FE2-5FB1-4E14-8DF5-CA21F4BFBBC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d231:*:*:*:*:*:*",
"matchCriteriaId": "7F22C4C2-20E0-428F-A9BF-37E8BD63A9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d232:*:*:*:*:*:*",
"matchCriteriaId": "71334963-7BF1-49DB-84E6-D6F2A927458B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d233:*:*:*:*:*:*",
"matchCriteriaId": "E773AA7F-AB97-488A-B73D-682FB5553B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d234:*:*:*:*:*:*",
"matchCriteriaId": "E9196882-FE7B-489A-81AC-55355864DA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d235:*:*:*:*:*:*",
"matchCriteriaId": "93CCFF32-D589-4E84-9A08-D667B14B0B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d236:*:*:*:*:*:*",
"matchCriteriaId": "F218BBE0-8F18-4A8E-8C95-8249B6776958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d237:*:*:*:*:*:*",
"matchCriteriaId": "E56F9D8C-27AA-43EC-9043-7A480265CE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
"matchCriteriaId": "1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
"matchCriteriaId": "1F294E43-73FA-4EF3-90F2-EE29C56D6573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d31:*:*:*:*:*:*",
"matchCriteriaId": "6F3ED4F6-483F-41DC-BBCF-3605641ACAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
"matchCriteriaId": "EDDE1048-BFEA-4A3E-8270-27C538A68837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
"matchCriteriaId": "CC517CD0-FF35-498F-AD33-683B43CA3829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
"matchCriteriaId": "53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d40:*:*:*:*:*:*",
"matchCriteriaId": "C2B5ED13-F998-447C-8FEA-047FE9FE2F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d45:*:*:*:*:*:*",
"matchCriteriaId": "65F3CD2A-D5E1-4EFF-9013-6D81B396F765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d47:*:*:*:*:*:*",
"matchCriteriaId": "4C2A9C1A-AEE4-4CD6-91D7-D0E9F2717512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d470:*:*:*:*:*:*",
"matchCriteriaId": "AE20A296-0B0D-47B6-8F63-3B664D0F549C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d471:*:*:*:*:*:*",
"matchCriteriaId": "ABA63850-E536-4E2E-BFDD-7BDBB965BDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d48:*:*:*:*:*:*",
"matchCriteriaId": "1749B778-0E36-4539-8668-89F4460F251F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d490:*:*:*:*:*:*",
"matchCriteriaId": "5582D0E6-292E-487B-9DAC-143D5D1C0D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d495:*:*:*:*:*:*",
"matchCriteriaId": "723FD85C-C763-4017-B6BF-0CA707997D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*",
"matchCriteriaId": "D58997E6-96B4-4930-A29D-B49D06DFA9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*",
"matchCriteriaId": "AFB887FD-D3FB-439F-9A89-CC367A74DB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*",
"matchCriteriaId": "BDA46912-D173-49C5-A0A1-64BD0889D3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*",
"matchCriteriaId": "3BEE4EE4-18D9-4FA9-9A02-917240B851AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d56:*:*:*:*:*:*",
"matchCriteriaId": "3978B35D-5745-47BC-A56F-A0678AB0F3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*",
"matchCriteriaId": "188FED65-8A81-4BB0-B10B-8CA17B4F71CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*",
"matchCriteriaId": "9F03E847-748B-43BD-B6C1-BFDECE99BC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*",
"matchCriteriaId": "92E31AF0-83EB-4570-A6DE-4308BE0D3A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d590:*:*:*:*:*:*",
"matchCriteriaId": "F06DA47B-1BAB-477F-BB99-09D6A9DC0CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d60:*:*:*:*:*:*",
"matchCriteriaId": "962CCED8-E321-4878-9BE6-0DC33778559A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d61:*:*:*:*:*:*",
"matchCriteriaId": "2B08B97A-5D4D-405B-A1C4-9E327E4EED35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d62:*:*:*:*:*:*",
"matchCriteriaId": "738C1061-E8B8-4924-AFE9-5E59F22CA4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d63:*:*:*:*:*:*",
"matchCriteriaId": "9071DC8C-D0AA-448E-82BF-7C801199193F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d64:*:*:*:*:*:*",
"matchCriteriaId": "395CC50B-9042-4B12-9A1C-A8D5D571DC25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d65:*:*:*:*:*:*",
"matchCriteriaId": "F0396190-54A5-4F11-8530-B5EC7BCBC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d66:*:*:*:*:*:*",
"matchCriteriaId": "E56CF063-0CB3-4BD6-978B-B9D7C0C8C4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d67:*:*:*:*:*:*",
"matchCriteriaId": "60D515B2-9747-465B-8854-887C6FDA8743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d68:*:*:*:*:*:*",
"matchCriteriaId": "6EEBB60C-E607-4262-9C8B-7B7E2D011B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d70:*:*:*:*:*:*",
"matchCriteriaId": "88BAA95F-7CA2-46A0-8F60-588941AF3E44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF2039C-E08C-472F-82E6-DAD3F94724B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "285CD1E5-C6D3-470A-8556-653AFF74D0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*",
"matchCriteriaId": "83AB8877-3DC0-4B8C-B864-1BF18C368337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f:*:*:*:*:*:*",
"matchCriteriaId": "D80CABB3-9A32-4FBC-AB8E-435BA85CFA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*",
"matchCriteriaId": "C56F5C48-BA48-4EE1-88BE-782B3CFB3B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*",
"matchCriteriaId": "1C56E6C3-BBB6-4853-91D9-99C7676D0CD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AC196685-3B0C-4754-AE6A-6BE456CC6B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F0146AA9-C513-4871-A62A-52C9F40EB958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A18672EF-E33D-4ACE-BB0A-561812F502C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*",
"matchCriteriaId": "CEF0E75F-831E-40B8-926D-B2E92A84E31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*",
"matchCriteriaId": "0E0ECBD8-3D66-49DA-A557-5695159F0C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*",
"matchCriteriaId": "0EAA2998-A0D6-4818-9E7C-25E8099403E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*",
"matchCriteriaId": "2D4ADFC5-D4B8-4A68-95D8-8ADF92C1CFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f5-s7:*:*:*:*:*:*",
"matchCriteriaId": "BFF0C559-EC2F-4FEE-B012-E9127A68FD4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*",
"matchCriteriaId": "71D211B9-B2FE-4324-AAEE-8825D5238E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3A11C-4CAA-4DDB-AD20-6C7EFA368CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s10:*:*:*:*:*:*",
"matchCriteriaId": "4D9134BF-7289-4503-A9C5-977C4CDCD108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s12:*:*:*:*:*:*",
"matchCriteriaId": "2698D906-6D9D-429C-9ECC-46FF2334C637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s2:*:*:*:*:*:*",
"matchCriteriaId": "6126279A-8509-4CA1-BFB3-E76F701F5031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s3:*:*:*:*:*:*",
"matchCriteriaId": "CA0D028E-0B07-4CB2-863A-527806B9917C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s4:*:*:*:*:*:*",
"matchCriteriaId": "846582E4-05A0-4AD9-B78B-1707A09DAA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s5:*:*:*:*:*:*",
"matchCriteriaId": "E43A39D8-3BD4-41CD-A8A3-2BFF8D340BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s6:*:*:*:*:*:*",
"matchCriteriaId": "DECD665D-2CA4-4CB2-B77D-9230B102B339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s7:*:*:*:*:*:*",
"matchCriteriaId": "85B83ED7-EE50-4F06-A386-B0A4FC7263DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s8:*:*:*:*:*:*",
"matchCriteriaId": "64F1FD18-AAD2-48DD-8F23-55D65D34FCE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s9:*:*:*:*:*:*",
"matchCriteriaId": "B02FED8D-A554-4039-9F0A-C7EEFC640317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f7:*:*:*:*:*:*",
"matchCriteriaId": "BD332D86-5DA7-49A4-98C3-E4D946832DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r:*:*:*:*:*:*",
"matchCriteriaId": "6BFFAC38-5D41-4BDB-B9D4-579F104A61BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "0E6CD065-EC06-4846-BD2A-D3CA7866070F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "C7620D01-1A6B-490F-857E-0D803E0AEE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "4A1545CE-279F-4EE2-8913-8F3B2FAFE7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r4-s7:*:*:*:*:*:*",
"matchCriteriaId": "03B09A78-9DEA-43A7-8DD6-56D94869DAEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r4-s8:*:*:*:*:*:*",
"matchCriteriaId": "18B1A6D6-EB40-461A-87B0-FD777019E1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r4-s9:*:*:*:*:*:*",
"matchCriteriaId": "F8CD62D3-0894-426E-80A8-CEBCBD49810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "08FC0245-A4FF-42C0-A236-8569301E351A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5-s1:*:*:*:*:*:*",
"matchCriteriaId": "A68E7711-C7B9-4578-AB7B-863F088A38BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5-s3:*:*:*:*:*:*",
"matchCriteriaId": "E0501706-CB27-42B6-916B-B0009EC333C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5-s5:*:*:*:*:*:*",
"matchCriteriaId": "41E43503-A694-406E-B95A-689E4167A4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5-s6:*:*:*:*:*:*",
"matchCriteriaId": "A464B371-1B8B-4563-8728-969825896115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "120EA9E3-788B-4CFD-A74F-17111FFD0131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s1:*:*:*:*:*:*",
"matchCriteriaId": "6B4C2FBB-FEA0-4B98-8568-705FFFFFBB06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s2:*:*:*:*:*:*",
"matchCriteriaId": "B2506FCC-4B0F-4FEF-A44E-0C704B6217F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s3:*:*:*:*:*:*",
"matchCriteriaId": "9D9F2F31-B378-40FE-B012-000A225B76F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s4:*:*:*:*:*:*",
"matchCriteriaId": "D014FF7B-BBEA-4F80-BE0E-4C70E4585A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s6:*:*:*:*:*:*",
"matchCriteriaId": "C8257676-7AA7-4B39-A8F8-685843D0685B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "31001EA8-2C65-4D3D-AEC7-F298692E8752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s1:*:*:*:*:*:*",
"matchCriteriaId": "33A3ECF9-AA4D-41F9-8441-1EB5F1DB882E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s10:*:*:*:*:*:*",
"matchCriteriaId": "17C66198-8D9A-454C-B645-A040A5C1E12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s11:*:*:*:*:*:*",
"matchCriteriaId": "E0309A32-5087-4918-B1EE-10EC28F50B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s12:*:*:*:*:*:*",
"matchCriteriaId": "28CB995B-97C5-4FC4-B054-94835CE2B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s2:*:*:*:*:*:*",
"matchCriteriaId": "989D1170-C430-4117-8E3B-46D8B459DF49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s3:*:*:*:*:*:*",
"matchCriteriaId": "DB2FD851-BBB6-4D29-B933-1070564E0B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*",
"matchCriteriaId": "258A380C-1EA0-407D-B7E3-4A2E8820119C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "CD5A30CE-9498-4007-8E66-FD0CC6CF1836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
"matchCriteriaId": "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
"matchCriteriaId": "8A457C57-4A36-433D-9473-5ABC091DF316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "F2E0A48F-C85B-4973-A054-28A888EA5ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "6D3E38C1-808C-4BD3-993D-F30855F5390F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*",
"matchCriteriaId": "C2AF9C4B-23E6-485D-A115-2B728E929C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*",
"matchCriteriaId": "1FD11073-DC27-41F8-A6A2-7E22A062D14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*",
"matchCriteriaId": "2A78389E-868C-422D-9AA3-8A672DF6C2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*",
"matchCriteriaId": "85BFC22F-A6B3-4306-A28B-5D78FFA6402D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*",
"matchCriteriaId": "99276E50-825C-4BB4-8496-1F81BDA21655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s8:*:*:*:*:*:*",
"matchCriteriaId": "22B700C1-C690-4C7D-A5AE-45BBB550D52F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s9:*:*:*:*:*:*",
"matchCriteriaId": "50DDDE48-3F73-440F-82ED-BD9D62A407B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "72194CB7-FFDC-4897-9D6E-EA3459DDDEB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*",
"matchCriteriaId": "C88635DB-09B1-4DA1-8FC3-2F7A7E42819C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "92F35C19-5AD2-4F98-8313-2E880714DF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*",
"matchCriteriaId": "DF5A9D31-ED7D-4390-B46D-7E46089DB932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s3:*:*:*:*:*:*",
"matchCriteriaId": "3BE0AD25-767F-4719-9BE4-C8BDF78A6C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s4:*:*:*:*:*:*",
"matchCriteriaId": "19684897-77CE-4E50-B9D2-25E6114E66A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*",
"matchCriteriaId": "90B94472-0E32-48AD-A690-AABB2C53CA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "6B4A4960-0241-4BF4-8857-8B7BE33466B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s2:*:*:*:*:*:*",
"matchCriteriaId": "C2DC367C-7F0B-4775-9BE9-464B28543D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s3:*:*:*:*:*:*",
"matchCriteriaId": "863744A8-8759-4646-9E39-72D511DE4A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s4:*:*:*:*:*:*",
"matchCriteriaId": "732A499C-9FAC-4307-B090-8971970B3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s5:*:*:*:*:*:*",
"matchCriteriaId": "9D3848D1-936D-44BB-B951-E4296F113641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*",
"matchCriteriaId": "9677CE18-B955-432F-BA2B-AAE3D0CA0F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "8008342F-4BF3-49D8-B516-C08AAF9E469E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "84DD80BF-BF7E-447B-AA74-00B3D8036E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s10:*:*:*:*:*:*",
"matchCriteriaId": "D8A72B62-E3B7-42FA-980F-75BDF15236FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "ECAE613D-1317-4D2E-8A61-980CD5DEAED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "BAB2D63C-C966-42CA-85A9-09820D00A2D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "5A7231C6-1CC4-4E7A-A317-5315246D2540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "B14E079B-4E8F-4DAC-85C7-ECC888EBD306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*",
"matchCriteriaId": "CC9B5CDE-3A50-4CD3-962A-FA0989939F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "3DE6E051-2F2F-4862-9001-5DA83C4BCF75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "E34A149E-C2ED-4D86-A105-0A2775654AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4E0D42C4-9B4D-44F9-BC84-E7994404598B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s10:*:*:*:*:*:*",
"matchCriteriaId": "CC7A70CD-3A5E-4F01-8469-E5CD406BB04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s11:*:*:*:*:*:*",
"matchCriteriaId": "1733E9C1-05FF-4D84-8AE3-315A61288D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "54D887B4-D2F4-4537-8298-B98D01396F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "0AB39E2F-0D67-4FA6-84B8-36684E971002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "A32C3702-48DE-47CF-B0D1-3A629676AD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "36214C23-82C8-4A3E-9FF8-04F85FF8B2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*",
"matchCriteriaId": "F3778643-1684-4549-A764-A1909C14B4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "95473197-2553-4252-B5E5-CAF904C2EA6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "B87ECEAD-FD18-4252-8D46-F281DD4125AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "11E055AC-5626-4EBB-8611-17BB1E8AEF15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "267A3603-BC18-442E-803A-4CAEB6493433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
"matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "565AE6D8-28A9-4A62-A886-5BAB954695D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C366F93-BB30-4144-99AE-40B676977834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "488BB10A-1360-42E5-A68D-23D51B332850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "64988F0A-E02C-455B-99C9-4059C896416F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
"matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "DF3F9F86-166F-45E4-92B7-3DD3B06199F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "05060C06-18C1-40E8-AE01-385B036CC9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C752783-4843-407B-AF33-0E1D36FCAAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "006EE425-A146-4E10-B050-7E754BB8402A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "2B482BCC-1F0C-47AA-B63B-1B39CEF7B2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "A636F9F2-2DA7-4A27-AD80-FD1B34DFCA94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "A7380B3E-09F5-4497-86C6-11EF56BD89F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5AD05209-1274-4F8A-9FA2-A1A8DFCC5755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C97683B3-A07B-428F-9535-C49B55305679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "A14CE132-C56B-43D8-A248-AB6A2D1A7B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1:-:*:*:*:*:*",
"matchCriteriaId": "90BF177D-A895-4D05-B674-B27420A5DC6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "0070B31B-59DC-46E9-93E0-1E8BF3560BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "5F711936-33A1-47FC-A6A0-A63088915815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "21B7820C-01D2-401C-9E6D-C83994FD5961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "3D2FBD29-2CAC-41B4-9336-671373EF4A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
"matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "A2ABC574-B3FC-4025-B50D-7F9EEB28C806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
"matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. El servidor maneja incorrectamente algunos campos request HTTP asociados con time, lo que resulta en una desreferencia de puntero NULL, tal y como queda demostrado con If-Modified-Since o If-Unmodified-Since con mes mayor a 11."
}
],
"id": "CVE-2018-15504",
"lastModified": "2024-11-21T03:50:57.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-18T03:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 19:15
Modified
2024-11-21 04:34
Severity ?
Summary
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/embedthis/goahead/issues/289 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead/issues/290 | Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead/releases/tag/v5.0.1 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/289 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/290 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/releases/tag/v5.0.1 | Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6DB7B2-E960-46C2-B10B-C6D43C33A68C",
"versionEndExcluding": "5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response."
},
{
"lang": "es",
"value": "Incruste GoAhead versiones anteriores a 5.0.1, maneja inapropiadamente las peticiones HTTP redireccionadas con un encabezado Host grande. GoAhead WebsRedirect utiliza un b\u00fafer de host est\u00e1tico que posee una longitud limitada y puede desbordarse. Esto puede causar un fallo de la copia del encabezado del Host, dejando ese b\u00fafer no inicializado, lo que puede filtrar datos sin inicializar en una respuesta."
}
],
"id": "CVE-2019-19240",
"lastModified": "2024-11-21T04:34:23.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T19:15:12.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/289"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/290"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/embedthis/goahead/releases/tag/v5.0.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/embedthis/goahead/releases/tag/v5.0.1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-12 19:29
Modified
2025-04-20 01:37
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id/1040702 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/elttam/advisories/tree/master/CVE-2017-17562 | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74 | Broken Link, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead/issues/249 | Broken Link, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.elttam.com.au/blog/goahead/ | Broken Link, Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/43360/ | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/43877/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040702 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/elttam/advisories/tree/master/CVE-2017-17562 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74 | Broken Link, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/249 | Broken Link, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.elttam.com.au/blog/goahead/ | Broken Link, Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43360/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43877/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| embedthis | goahead | * | |
| oracle | integrated_lights_out_manager | 3.0 | |
| oracle | integrated_lights_out_manager | 4.0 |
{
"cisaActionDue": "2022-06-10",
"cisaExploitAdd": "2021-12-10",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Embedthis GoAhead Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A4F059-2004-44EE-9E6D-2DD0EAB2C2EF",
"versionEndExcluding": "3.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:integrated_lights_out_manager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB44C83-4B33-49BF-9610-90203176FD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:integrated_lights_out_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8150F44B-7603-4F06-96B9-265B9BC5C751",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0."
},
{
"lang": "es",
"value": "Embedthis GoAhead en versiones anteriores a la 3.6.5 permite la ejecuci\u00f3n remota de c\u00f3digo si CGI est\u00e1 habilitado y se enlaza din\u00e1micamente un programa CGI. Esto es el resultado de inicializar el entorno de scripts CGI bifurcados empleando par\u00e1metros de petici\u00f3n HTTP no fiables en la funci\u00f3n cgiHandler en cgi.c. Al combinarse con el enlazador din\u00e1mico glibc, se puede abusar de este comportamiento para ejecutar c\u00f3digo de manera remota mediante nombres de par\u00e1metro especiales como LD_PRELOAD. Un atacante puede realizar POST con su carga \u00fatil de objeto compartido en el cuerpo de la petici\u00f3n y referenciarla empleando /proc/self/fd/0."
}
],
"id": "CVE-2017-17562",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2017-12-12T19:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040702"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/elttam/advisories/tree/master/CVE-2017-17562"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/249"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.elttam.com.au/blog/goahead/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43360/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43877/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/elttam/advisories/tree/master/CVE-2017-17562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.elttam.com.au/blog/goahead/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43360/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43877/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-13 06:59
Modified
2025-04-20 01:37
Severity ?
Summary
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.cybereason.com/cve-ip-cameras/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cybereason.com/cve-ip-cameras/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/ | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB4FC40-2D26-4B0D-8F58-4C6AC92F1C96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en una aplicaci\u00f3n web en un servidor web GoAhead personalizado que se utiliza en Foscam, Vstarcam y m\u00faltiples moldelos de c\u00e1mara IP de marca blanca. El formulario de env\u00edo de correo en la p\u00e1gina mail.htm permite a un atacante inyectar un comando en el campo receiver1 en el formulario; se ejecutar\u00e1 con privilegios de root."
}
],
"id": "CVE-2017-5675",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-13T06:59:00.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cybereason.com/cve-ip-cameras/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cybereason.com/cve-ip-cameras/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-05 07:29
Modified
2025-04-20 01:37
Severity ?
Summary
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/shadow4u/goaheaddebug/blob/master/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shadow4u/goaheaddebug/blob/master/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| embedthis | goahead | 3.4.0 | |
| embedthis | goahead | 3.4.1 | |
| embedthis | goahead | 3.4.2 | |
| embedthis | goahead | 3.4.3 | |
| embedthis | goahead | 3.4.4 | |
| embedthis | goahead | 3.4.5 | |
| embedthis | goahead | 3.4.6 | |
| embedthis | goahead | 3.4.7 | |
| embedthis | goahead | 3.4.8 | |
| embedthis | goahead | 3.4.9 | |
| embedthis | goahead | 3.4.10 | |
| embedthis | goahead | 3.4.11 | |
| embedthis | goahead | 3.4.12 | |
| embedthis | goahead | 3.5.0 | |
| embedthis | goahead | 3.6.0 | |
| embedthis | goahead | 3.6.1 | |
| embedthis | goahead | 3.6.2 | |
| embedthis | goahead | 3.6.3 | |
| embedthis | goahead | 3.6.4 | |
| embedthis | goahead | 3.6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26DE3222-0FA8-49DE-8E94-AB3BC8816F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60001CE1-A452-49B4-9C27-D892B91078F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE3F237-3B0B-40B5-A3E3-E468883D6DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAEAA94-A8FB-4D32-9D8A-E06F2F548FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "83B7280F-4FBF-4451-BAAF-E90068CDAB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F168E900-DFA1-4D9C-AD08-9A1B876C6DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "78418AE8-D5B3-4771-BFFD-DC28BBC42B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BF3BB240-A988-497F-82CE-F99C8438F0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14B89AAB-1CBF-4862-A7AC-9DDEF026646D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "05918B61-7E62-40BA-9EF3-FB4DD2EC3BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD5EE6D-A498-4C35-81F7-684E30845E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "801889A1-C61C-4CC9-8B2A-46CF4E246978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF17ED0-EFA5-407E-9CCC-15543C2D194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BACEEDBF-0C89-46E7-9A00-9C4BD61DAE7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7EE03C-294B-485E-9CA4-5E0714A2939C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EBF002-17C3-4AD5-BDC3-B7643BEA5173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34B4E67D-5883-43A5-85B2-1E8D8D157F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ACF0D5BD-F1C0-4DA0-9BC2-AE8DA03F2204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2A0A7F-8516-4405-A8C8-B862E59DEAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81A1B366-C737-43F7-A391-C28C434026C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a \"POST / HTTP/1.1\" request."
},
{
"lang": "es",
"value": "GoAhead en versiones de la 3.4.0 a la 3.6.5 presenta una desreferencia de puntero NULL en la funci\u00f3n websDecodeUrl en http.c, lo que da lugar a un bloqueo en una petici\u00f3n \"POST / HTTP/1.1\"."
}
],
"id": "CVE-2017-14149",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-05T07:29:00.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/shadow4u/goaheaddebug/blob/master/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/shadow4u/goaheaddebug/blob/master/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-03 22:15
Modified
2024-11-21 04:44
Severity ?
Summary
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81A1B366-C737-43F7-A391-C28C434026C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957445DB-98D7-4223-8841-A4F364E02B37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5512FFAE-3A29-4E57-AF71-04C9A064711B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en el procesamiento de peticiones datos de formulario multiparte dentro de la aplicaci\u00f3n base del servidor web GoAhead en versiones v5.0.1, v.4.1.1 y v3.6.5. Una petici\u00f3n HTTP especialmente dise\u00f1ada puede conllevar a un bucle infinito en el proceso. La petici\u00f3n puede no ser autenticada en la forma de peticiones GET o POST y no requiere que el recurso solicitado exista en el servidor."
}
],
"id": "CVE-2019-5097",
"lastModified": "2024-11-21T04:44:20.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T22:15:14.900",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-18 03:29
Modified
2024-11-21 03:50
Severity ?
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/appweb/issues/605 | Broken Link, Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead/issues/264 | Broken Link, Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/appweb/issues/605 | Broken Link, Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/264 | Broken Link, Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| embedthis | appweb | * | |
| embedthis | goahead | * | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 12.3x48 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x49 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 15.1x53 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.1 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 16.2 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.1 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.2 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.3 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 17.4 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 | |
| juniper | junos | 18.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:appweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB807B3-7212-47D3-AB21-DCCE3007B3A5",
"versionEndExcluding": "7.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90C10C04-AC2A-433C-B01B-AD587648FE63",
"versionEndExcluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*",
"matchCriteriaId": "223C12D0-61A0-4C12-8AFC-A0CB64759A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "371A7DF8-3F4B-439D-8990-D1BC6F0C25C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*",
"matchCriteriaId": "661B4C1E-DB85-4EB0-B26F-F6496CEF0AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:*",
"matchCriteriaId": "F7C33DE7-4947-41D1-8DDF-DC7C9541414E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12D5D63-479D-4B27-8179-3B8985DB51F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*",
"matchCriteriaId": "F0DD051A-E486-4A9D-A978-A5A980AAF237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*",
"matchCriteriaId": "D4ED9ACC-B6BA-4128-8934-759BB9EC904F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:*",
"matchCriteriaId": "FC4D8EE5-E93F-4F50-9D31-CD5A69531962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:*",
"matchCriteriaId": "B63EF1C6-C859-4EFA-81BE-1E5AD3364B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:*",
"matchCriteriaId": "B786F950-0E07-4ADC-B988-917994FE99CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s12:*:*:*:*:*:*",
"matchCriteriaId": "2F703D05-C7A4-4EBF-A2FB-8AFE8E13DCDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s13:*:*:*:*:*:*",
"matchCriteriaId": "BACE640C-9ED9-4976-9083-DEEBDDAA5516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s20:*:*:*:*:*:*",
"matchCriteriaId": "E3B6A7A3-CD19-4B54-8A6F-85FF8A9084DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s3:*:*:*:*:*:*",
"matchCriteriaId": "99C8DC55-60AF-44D0-86C1-1F90C5DB0235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s4:*:*:*:*:*:*",
"matchCriteriaId": "D23CEC9A-BF5F-489C-8CA7-1946238E20D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s6:*:*:*:*:*:*",
"matchCriteriaId": "0010CCA3-6A76-4C18-82C4-BF44FECA4B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r12-s8:*:*:*:*:*:*",
"matchCriteriaId": "4D353E7F-F773-4502-B4EE-E73BA2DE1BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*",
"matchCriteriaId": "AC1FED64-8725-4978-9EBF-E3CD8EF338E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
"matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*",
"matchCriteriaId": "A4AC2E1E-74FB-4DA3-8292-B2079F83FF54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*",
"matchCriteriaId": "5FF83BD0-3B28-481E-8C8F-09ECDA493DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*",
"matchCriteriaId": "6E296274-AFC1-4F56-A4B3-827C2E0BC9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*",
"matchCriteriaId": "3C82799B-BD25-4359-9E3D-4D7CA7367525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d35:*:*:*:*:*:*",
"matchCriteriaId": "094485FF-960C-4533-A2AF-6C4D420D260D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d40:*:*:*:*:*:*",
"matchCriteriaId": "F8BE3661-1DE5-4F57-9384-68C1B34F6812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d45:*:*:*:*:*:*",
"matchCriteriaId": "B45E8A14-E7F4-41EB-9BFA-7A19E35D11FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d50:*:*:*:*:*:*",
"matchCriteriaId": "C6C694C6-C58C-4513-91E8-6CC22A2386E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d51:*:*:*:*:*:*",
"matchCriteriaId": "64A0CCD4-91BA-440E-A14C-48E67D1F03A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d55:*:*:*:*:*:*",
"matchCriteriaId": "6B65EF51-ED97-4973-94C4-8F66C553F190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d60:*:*:*:*:*:*",
"matchCriteriaId": "9EE7C08A-2A4B-4A84-AD95-A890913E2EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d65:*:*:*:*:*:*",
"matchCriteriaId": "44C61900-680C-4C74-8B96-ACC93FE9465E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d66:*:*:*:*:*:*",
"matchCriteriaId": "6A793CCD-397E-45DA-9349-D01C69AB96D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d70:*:*:*:*:*:*",
"matchCriteriaId": "B6C38637-ABE0-419A-A053-CBE076766551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d75:*:*:*:*:*:*",
"matchCriteriaId": "1F87EF0D-E609-4D4A-B228-CEF05C753E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "285CD1E5-C6D3-470A-8556-653AFF74D0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*",
"matchCriteriaId": "83AB8877-3DC0-4B8C-B864-1BF18C368337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f:*:*:*:*:*:*",
"matchCriteriaId": "D80CABB3-9A32-4FBC-AB8E-435BA85CFA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*",
"matchCriteriaId": "C56F5C48-BA48-4EE1-88BE-782B3CFB3B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*",
"matchCriteriaId": "1C56E6C3-BBB6-4853-91D9-99C7676D0CD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AC196685-3B0C-4754-AE6A-6BE456CC6B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F0146AA9-C513-4871-A62A-52C9F40EB958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A18672EF-E33D-4ACE-BB0A-561812F502C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*",
"matchCriteriaId": "CEF0E75F-831E-40B8-926D-B2E92A84E31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*",
"matchCriteriaId": "0E0ECBD8-3D66-49DA-A557-5695159F0C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*",
"matchCriteriaId": "0EAA2998-A0D6-4818-9E7C-25E8099403E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*",
"matchCriteriaId": "2D4ADFC5-D4B8-4A68-95D8-8ADF92C1CFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f5-s7:*:*:*:*:*:*",
"matchCriteriaId": "BFF0C559-EC2F-4FEE-B012-E9127A68FD4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*",
"matchCriteriaId": "71D211B9-B2FE-4324-AAEE-8825D5238E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3A11C-4CAA-4DDB-AD20-6C7EFA368CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s10:*:*:*:*:*:*",
"matchCriteriaId": "4D9134BF-7289-4503-A9C5-977C4CDCD108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s12:*:*:*:*:*:*",
"matchCriteriaId": "2698D906-6D9D-429C-9ECC-46FF2334C637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s2:*:*:*:*:*:*",
"matchCriteriaId": "6126279A-8509-4CA1-BFB3-E76F701F5031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s3:*:*:*:*:*:*",
"matchCriteriaId": "CA0D028E-0B07-4CB2-863A-527806B9917C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s4:*:*:*:*:*:*",
"matchCriteriaId": "846582E4-05A0-4AD9-B78B-1707A09DAA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s5:*:*:*:*:*:*",
"matchCriteriaId": "E43A39D8-3BD4-41CD-A8A3-2BFF8D340BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s6:*:*:*:*:*:*",
"matchCriteriaId": "DECD665D-2CA4-4CB2-B77D-9230B102B339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s7:*:*:*:*:*:*",
"matchCriteriaId": "85B83ED7-EE50-4F06-A386-B0A4FC7263DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s8:*:*:*:*:*:*",
"matchCriteriaId": "64F1FD18-AAD2-48DD-8F23-55D65D34FCE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s9:*:*:*:*:*:*",
"matchCriteriaId": "B02FED8D-A554-4039-9F0A-C7EEFC640317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "31001EA8-2C65-4D3D-AEC7-F298692E8752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s1:*:*:*:*:*:*",
"matchCriteriaId": "33A3ECF9-AA4D-41F9-8441-1EB5F1DB882E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s10:*:*:*:*:*:*",
"matchCriteriaId": "17C66198-8D9A-454C-B645-A040A5C1E12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s11:*:*:*:*:*:*",
"matchCriteriaId": "E0309A32-5087-4918-B1EE-10EC28F50B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s12:*:*:*:*:*:*",
"matchCriteriaId": "28CB995B-97C5-4FC4-B054-94835CE2B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s2:*:*:*:*:*:*",
"matchCriteriaId": "989D1170-C430-4117-8E3B-46D8B459DF49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s3:*:*:*:*:*:*",
"matchCriteriaId": "DB2FD851-BBB6-4D29-B933-1070564E0B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*",
"matchCriteriaId": "27A6BF09-ABBF-4126-ADD6-B174937F8554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*",
"matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d100:*:*:*:*:*:*",
"matchCriteriaId": "856A5668-FA4F-44E9-A3F0-BE4979F631E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d110:*:*:*:*:*:*",
"matchCriteriaId": "F3B2DA4D-5E5D-4E09-BE4D-5B3371703D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d120:*:*:*:*:*:*",
"matchCriteriaId": "FA2459ED-DFA5-4701-AF92-C2928C3BD64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d130:*:*:*:*:*:*",
"matchCriteriaId": "8830C4BC-2B3D-4CCF-A37E-79C2D46159BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d131:*:*:*:*:*:*",
"matchCriteriaId": "40D42ACF-860C-4B47-8E25-7DEC30FB8064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d140:*:*:*:*:*:*",
"matchCriteriaId": "C808E08F-1992-43DD-A106-E920DC784831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d15:*:*:*:*:*:*",
"matchCriteriaId": "C8C94365-988C-4A14-8E49-846152FDC666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d150:*:*:*:*:*:*",
"matchCriteriaId": "E288F54B-AEA3-412F-85A4-EBDFE74DB84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d160:*:*:*:*:*:*",
"matchCriteriaId": "02AAC05C-1C4B-4F35-A286-52D20DFD6212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*",
"matchCriteriaId": "B71FB14A-67D4-4EDD-BB32-07764F5AFA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:-:*:*:*:*:*:*",
"matchCriteriaId": "C9511DD0-D910-4C29-B0E3-8F9D0531F09C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d10:*:*:*:*:*:*",
"matchCriteriaId": "6E87C765-8D68-404A-AC71-3F22A7260E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
"matchCriteriaId": "1E3B807C-196D-42B8-9042-7582A1366772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
"matchCriteriaId": "83FEEE8F-9279-46F2-BAF9-A60537020C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*",
"matchCriteriaId": "BBD36C0D-0F44-4349-968D-4CD60F281D84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d230:*:*:*:*:*:*",
"matchCriteriaId": "3E364FE2-5FB1-4E14-8DF5-CA21F4BFBBC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d231:*:*:*:*:*:*",
"matchCriteriaId": "7F22C4C2-20E0-428F-A9BF-37E8BD63A9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d232:*:*:*:*:*:*",
"matchCriteriaId": "71334963-7BF1-49DB-84E6-D6F2A927458B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d233:*:*:*:*:*:*",
"matchCriteriaId": "E773AA7F-AB97-488A-B73D-682FB5553B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d234:*:*:*:*:*:*",
"matchCriteriaId": "E9196882-FE7B-489A-81AC-55355864DA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d235:*:*:*:*:*:*",
"matchCriteriaId": "93CCFF32-D589-4E84-9A08-D667B14B0B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d236:*:*:*:*:*:*",
"matchCriteriaId": "F218BBE0-8F18-4A8E-8C95-8249B6776958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d237:*:*:*:*:*:*",
"matchCriteriaId": "E56F9D8C-27AA-43EC-9043-7A480265CE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
"matchCriteriaId": "1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
"matchCriteriaId": "1F294E43-73FA-4EF3-90F2-EE29C56D6573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d31:*:*:*:*:*:*",
"matchCriteriaId": "6F3ED4F6-483F-41DC-BBCF-3605641ACAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
"matchCriteriaId": "EDDE1048-BFEA-4A3E-8270-27C538A68837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
"matchCriteriaId": "CC517CD0-FF35-498F-AD33-683B43CA3829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
"matchCriteriaId": "53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d40:*:*:*:*:*:*",
"matchCriteriaId": "C2B5ED13-F998-447C-8FEA-047FE9FE2F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d45:*:*:*:*:*:*",
"matchCriteriaId": "65F3CD2A-D5E1-4EFF-9013-6D81B396F765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d47:*:*:*:*:*:*",
"matchCriteriaId": "4C2A9C1A-AEE4-4CD6-91D7-D0E9F2717512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d470:*:*:*:*:*:*",
"matchCriteriaId": "AE20A296-0B0D-47B6-8F63-3B664D0F549C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d471:*:*:*:*:*:*",
"matchCriteriaId": "ABA63850-E536-4E2E-BFDD-7BDBB965BDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d48:*:*:*:*:*:*",
"matchCriteriaId": "1749B778-0E36-4539-8668-89F4460F251F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d490:*:*:*:*:*:*",
"matchCriteriaId": "5582D0E6-292E-487B-9DAC-143D5D1C0D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d495:*:*:*:*:*:*",
"matchCriteriaId": "723FD85C-C763-4017-B6BF-0CA707997D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*",
"matchCriteriaId": "D58997E6-96B4-4930-A29D-B49D06DFA9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*",
"matchCriteriaId": "AFB887FD-D3FB-439F-9A89-CC367A74DB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*",
"matchCriteriaId": "BDA46912-D173-49C5-A0A1-64BD0889D3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*",
"matchCriteriaId": "3BEE4EE4-18D9-4FA9-9A02-917240B851AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d56:*:*:*:*:*:*",
"matchCriteriaId": "3978B35D-5745-47BC-A56F-A0678AB0F3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*",
"matchCriteriaId": "188FED65-8A81-4BB0-B10B-8CA17B4F71CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*",
"matchCriteriaId": "9F03E847-748B-43BD-B6C1-BFDECE99BC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*",
"matchCriteriaId": "92E31AF0-83EB-4570-A6DE-4308BE0D3A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d60:*:*:*:*:*:*",
"matchCriteriaId": "962CCED8-E321-4878-9BE6-0DC33778559A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d61:*:*:*:*:*:*",
"matchCriteriaId": "2B08B97A-5D4D-405B-A1C4-9E327E4EED35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d62:*:*:*:*:*:*",
"matchCriteriaId": "738C1061-E8B8-4924-AFE9-5E59F22CA4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d63:*:*:*:*:*:*",
"matchCriteriaId": "9071DC8C-D0AA-448E-82BF-7C801199193F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d64:*:*:*:*:*:*",
"matchCriteriaId": "395CC50B-9042-4B12-9A1C-A8D5D571DC25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d65:*:*:*:*:*:*",
"matchCriteriaId": "F0396190-54A5-4F11-8530-B5EC7BCBC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d66:*:*:*:*:*:*",
"matchCriteriaId": "E56CF063-0CB3-4BD6-978B-B9D7C0C8C4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d67:*:*:*:*:*:*",
"matchCriteriaId": "60D515B2-9747-465B-8854-887C6FDA8743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d68:*:*:*:*:*:*",
"matchCriteriaId": "6EEBB60C-E607-4262-9C8B-7B7E2D011B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d69:*:*:*:*:*:*",
"matchCriteriaId": "7DEF14A2-388F-413F-BBB4-39548BDF1E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d70:*:*:*:*:*:*",
"matchCriteriaId": "88BAA95F-7CA2-46A0-8F60-588941AF3E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*",
"matchCriteriaId": "258A380C-1EA0-407D-B7E3-4A2E8820119C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r:*:*:*:*:*:*",
"matchCriteriaId": "43522D77-C47C-40F7-B84F-927AB84556F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "CD5A30CE-9498-4007-8E66-FD0CC6CF1836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
"matchCriteriaId": "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
"matchCriteriaId": "8A457C57-4A36-433D-9473-5ABC091DF316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "F2E0A48F-C85B-4973-A054-28A888EA5ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "6D3E38C1-808C-4BD3-993D-F30855F5390F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*",
"matchCriteriaId": "C2AF9C4B-23E6-485D-A115-2B728E929C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*",
"matchCriteriaId": "1FD11073-DC27-41F8-A6A2-7E22A062D14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*",
"matchCriteriaId": "2A78389E-868C-422D-9AA3-8A672DF6C2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*",
"matchCriteriaId": "85BFC22F-A6B3-4306-A28B-5D78FFA6402D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*",
"matchCriteriaId": "99276E50-825C-4BB4-8496-1F81BDA21655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s8:*:*:*:*:*:*",
"matchCriteriaId": "22B700C1-C690-4C7D-A5AE-45BBB550D52F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s9:*:*:*:*:*:*",
"matchCriteriaId": "50DDDE48-3F73-440F-82ED-BD9D62A407B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "6B4A4960-0241-4BF4-8857-8B7BE33466B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s2:*:*:*:*:*:*",
"matchCriteriaId": "C2DC367C-7F0B-4775-9BE9-464B28543D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s3:*:*:*:*:*:*",
"matchCriteriaId": "863744A8-8759-4646-9E39-72D511DE4A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s4:*:*:*:*:*:*",
"matchCriteriaId": "732A499C-9FAC-4307-B090-8971970B3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*",
"matchCriteriaId": "9677CE18-B955-432F-BA2B-AAE3D0CA0F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "8008342F-4BF3-49D8-B516-C08AAF9E469E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "84DD80BF-BF7E-447B-AA74-00B3D8036E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "ECAE613D-1317-4D2E-8A61-980CD5DEAED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "BAB2D63C-C966-42CA-85A9-09820D00A2D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "5A7231C6-1CC4-4E7A-A317-5315246D2540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "B14E079B-4E8F-4DAC-85C7-ECC888EBD306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s9:*:*:*:*:*:*",
"matchCriteriaId": "35F7D583-44F3-41F0-829F-8C17DFCD4464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*",
"matchCriteriaId": "CC9B5CDE-3A50-4CD3-962A-FA0989939F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "3DE6E051-2F2F-4862-9001-5DA83C4BCF75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "E34A149E-C2ED-4D86-A105-0A2775654AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4E0D42C4-9B4D-44F9-BC84-E7994404598B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s10:*:*:*:*:*:*",
"matchCriteriaId": "CC7A70CD-3A5E-4F01-8469-E5CD406BB04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s11:*:*:*:*:*:*",
"matchCriteriaId": "1733E9C1-05FF-4D84-8AE3-315A61288D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "54D887B4-D2F4-4537-8298-B98D01396F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "0AB39E2F-0D67-4FA6-84B8-36684E971002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "A32C3702-48DE-47CF-B0D1-3A629676AD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "36214C23-82C8-4A3E-9FF8-04F85FF8B2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*",
"matchCriteriaId": "F3778643-1684-4549-A764-A1909C14B4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*",
"matchCriteriaId": "BCEE8D9C-6D64-4A9B-A74A-57A0BF4086C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8BCF0612-AF16-4925-8E42-77734513F923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "595987A6-D8CE-41ED-B51C-EF9CD3B47AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "7B5A2205-C40B-4746-9A23-1973433FF065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "CFA3526C-FF53-4823-B6AC-0BA91BFB532D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "AA92B7F8-705B-410F-BDA3-7C28FF51967F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "9990301C-9D79-4372-8EC6-71A209B0C0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "9689695F-53EB-4B35-9072-750E7282B011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*",
"matchCriteriaId": "4F7CE683-5647-455B-936C-DF0D973A180A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "95473197-2553-4252-B5E5-CAF904C2EA6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "B87ECEAD-FD18-4252-8D46-F281DD4125AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "11E055AC-5626-4EBB-8611-17BB1E8AEF15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "267A3603-BC18-442E-803A-4CAEB6493433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "BA8D32E4-1892-46DC-9782-5466A14E18D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "25C7C3D0-A203-4979-8375-A610ADD48E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
"matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "565AE6D8-28A9-4A62-A886-5BAB954695D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C366F93-BB30-4144-99AE-40B676977834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "488BB10A-1360-42E5-A68D-23D51B332850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "64988F0A-E02C-455B-99C9-4059C896416F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
"matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "DF3F9F86-166F-45E4-92B7-3DD3B06199F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "05060C06-18C1-40E8-AE01-385B036CC9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C752783-4843-407B-AF33-0E1D36FCAAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "006EE425-A146-4E10-B050-7E754BB8402A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "A7380B3E-09F5-4497-86C6-11EF56BD89F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5AD05209-1274-4F8A-9FA2-A1A8DFCC5755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C97683B3-A07B-428F-9535-C49B55305679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "A14CE132-C56B-43D8-A248-AB6A2D1A7B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "73978DD8-BD92-4872-8F35-AF2B9BCA1ECB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted \"Host\" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing \u0027]\u0027 character in an IPv6 address."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. Una petici\u00f3n HTTP POST con un campo de cabecera \"Host\" especialmente manipulado puede causar una desreferencia de puntero NULL y, por lo tanto, una denegaci\u00f3n de servicio, tal y como queda demostrado con la falta de un car\u00e1cter posterior \u0027]\u0027 en una direcci\u00f3n IPv6."
}
],
"id": "CVE-2018-15505",
"lastModified": "2024-11-21T03:50:57.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-18T03:29:00.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-14 14:29
Modified
2024-11-21 04:23
Severity ?
Summary
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/embedthis/goahead/compare/5349710...579f21f | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/embedthis/goahead/issues/285 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/compare/5349710...579f21f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/285 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC355E4D-0C0F-4AF0-B0C8-FEF87A515FD9",
"versionEndExcluding": "4.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D2955B-2C38-484B-A7C6-5952EE8E9151",
"versionEndExcluding": "5.0.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself."
},
{
"lang": "es",
"value": "En el archivo http.c en Embedthis GoAhead anterior a versi\u00f3n 4.1.1 y versi\u00f3n 5.x anterior a la 5.0.1, una vulnerabilidad en el an\u00e1lisis de encabezado provoca una aserci\u00f3n de memoria, una referencia de memoria fuera de l\u00edmites y un potencial DoS, como fue demostrado por dos puntos en una l\u00ednea por s\u00ed misma."
}
],
"id": "CVE-2019-12822",
"lastModified": "2024-11-21T04:23:39.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-14T14:29:00.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/compare/5349710...579f21f"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/compare/5349710...579f21f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-917"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-08 19:15
Modified
2024-11-21 06:26
Severity ?
Summary
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true | Product, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE54582-F11D-4176-9901-D2C72F0856C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected."
},
{
"lang": "es",
"value": "El archivo websda.c en GoAhead WebServer versi\u00f3n 2.1.8, presenta una entrop\u00eda nonce insuficiente porque el c\u00e1lculo del nonce es basado en el valor onceuponatimeinparadise codificado, que no sigue la directriz de datos secretos para la autenticaci\u00f3n de acceso HTTP Digest en RFC 7616 secci\u00f3n 3.3 (o RFC 2617 secci\u00f3n 3.2.1). NOTA: 2.1.8 es una versi\u00f3n de 2003; sin embargo, el c\u00f3digo websda.c afectado aparece en m\u00faltiples trabajos derivados que pueden usarse en 2021. El software GoAhead reciente no est\u00e1 afectado"
}
],
"id": "CVE-2021-41615",
"lastModified": "2024-11-21T06:26:31.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-08T19:15:12.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-14 06:15
Modified
2024-11-21 06:27
Severity ?
Summary
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/embedthis/goahead/issues/305 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/305 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D614097-1270-46F0-939B-6F2D5757FF50",
"versionEndIncluding": "4.1.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A881D37-6C28-42A3-AD4C-F4911820911B",
"versionEndExcluding": "5.1.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts."
},
{
"lang": "es",
"value": "Se ha detectado un problema en GoAhead versiones 4.x y 5.x anteriores a 5.1.5. En el filtro de carga de archivos, las variables de formulario del usuario pueden pasarse a scripts CGI sin que se les anteponga el prefijo CGI. Esto permite tunelizar variables de entorno no confiables en scripts CGI vulnerables"
}
],
"id": "CVE-2021-42342",
"lastModified": "2024-11-21T06:27:38.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-14T06:15:07.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/305"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-25 20:15
Modified
2024-11-21 06:29
Severity ?
Summary
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| reefs@jfrog.com | https://github.com/embedthis/goahead/issues/304 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/embedthis/goahead/issues/304 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F19FBD8-6A30-4E15-9127-7FBEC802B94C",
"versionEndExcluding": "5.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The code that performs password matching when using \u0027Basic\u0027 HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver\u0027s response time until the unauthorized (401) response."
},
{
"lang": "es",
"value": "El c\u00f3digo que lleva a cabo la coincidencia de contrase\u00f1as cuando es usada la autenticaci\u00f3n HTTP \"Basic\" no usa un memcmp de tiempo constante y no presenta limitaci\u00f3n de velocidad. Esto significa que un atacante de red no autenticado puede forzar la contrase\u00f1a b\u00e1sica HTTP, byte a byte, registrando el tiempo de respuesta del servidor web hasta la respuesta no autorizada (401)"
}
],
"id": "CVE-2021-43298",
"lastModified": "2024-11-21T06:29:01.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-25T20:15:08.510",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/embedthis/goahead/issues/304"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-208"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}