Published: 2018-07-11 14:29:00
Revised: 2018-07-13 21:29:01

[Original text] When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series.



- CVSS (base score)


- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD

- Other links and resources
(UNKNOWN)  BID  104719

- Vulnerability information

Juniper Junos CVE-2018-0025 Information Disclosure Vulnerability
Design Error 104719
Yes No
2018-07-11 12:00:00 2018-07-11 12:00:00
The vendor reported this issue.

- Affected software versions

Juniper SRX Series 0
Juniper Junos 15.1X49-D30
Juniper Junos 15.1X49-D20
Juniper Junos 15.1X49-D15
Juniper Junos 15.1X49-D10
Juniper Junos 15.1X49
Juniper Junos 12.3X48-D20
Juniper Junos 12.3X48-D15
Juniper Junos 12.3X48-D10
Juniper Junos 12.3X48
Juniper Junos 12.1X46-D66
Juniper Junos 12.1X46-D65
Juniper Junos 12.1X46-D60
Juniper Junos 12.1X46-D55
Juniper Junos 12.1X46-D51
Juniper Junos 12.1X46-D50
Juniper Junos 12.1X46-D46
Juniper Junos 12.1X46-D45
Juniper Junos 12.1X46-D40
Juniper Junos 12.1X46-D37
Juniper Junos 12.1X46-D36
Juniper Junos 12.1X46-D35
Juniper Junos 12.1X46-D30
Juniper Junos 12.1X46-D26
Juniper JUNOS 12.1X46-D25
Juniper Junos 12.1X46-D20.5
Juniper Junos 12.1X46-D20
Juniper Junos 12.1X46-D15
Juniper Junos 12.1X46-D10
Juniper Junos 12.1X46 D25
Juniper JUNOS 12.1X46 D20
Juniper JUNOS 12.1X46 D15
Juniper Junos 12.1X46 D10
Juniper JUNOS 12.1X46 -D10
Juniper Junos 12.1X46

- Unaffected software versions

Juniper Junos 15.1X49-D35
Juniper Junos 12.3X48-D25
Juniper Junos 12.1X46-D67

- Vulnerability discussion

Juniper Junos Space is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at:

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- References