2013-02 Multiple Apache HTTP server vulnerabilities fixed in Junos Space

Article ID: JSA10534 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 3.0
Legacy Advisory Id:
PSN-2013-02-846
Product Affected:
Junos Space
Problem:

Multiple vulnerabilities have been fixed in the Juniper Networks Junos Space product as a result of updating the Apache HTTP server to version 2.2.21.

The following known CVE ids may pose a security risk to Junos Space and have been fixed as a result of this software upgrade:

CVE Id         CVSSv2 Base Score  CVSS Vector
CVE-2011-3348  4.3                AV:N/AC:M/Au:N/C:N/I:N/A:P
CVE-2011-3192  7.8                AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2011-0419  4.3                AV:N/AC:M/Au:N/C:N/I:N/A:P

CVE-2011-3192, which has the highest CVSS score (7.8), is a denial of service vulnerability with known exploits.

Solution:

These vulnerabilities are fixed in Junos Space Patch 12.1P2.1 (released August 2012) or later versions.

Workaround:

There are no known workarounds that can mitigate the Apache HTTP server issues listed in this bulletin. The risk of malicious exploit can be reduced by limiting access to Junos Space to trusted hosts only, using access lists or firewall filters.
Severity Level:
High
Severity Assessment:
The highest CVSSv2 Base Score for these vulnerabilities is 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
