CVE-2018-0025
CVSS: N/A
Published: 2018-07-11 14:29:00
Last modified: 2018-07-13 21:29:01

[Original] When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

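- CVSS (base score)

CVSS not yet available

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0025
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0025
(Official data source) NVD

- Other links and resources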

http://www.securityfocus.com/bid/104719
(UNKNOWN)  BID  104719
https://kb.juniper.net/JSA10858
(UNKNOWN)  CONFIRM  https://kb.juniper.net/JSA10858
https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html
(UNKNOWN)  MISC  https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html
https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html
(UNKNOWN)  MISC  https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html
https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html
(UNKNOWN)  MISC  https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html

- Vulnerability information

Juniper Junos CVE-2018-0025 Information Disclosure Vulnerability
Design Error 104719
Yes No
2018-07-11 12:00:00 2018-07-11 12:00:00
The vendor reported this issue.

- Affected program versions

Juniper SRX Series 0
Juniper Junos 15.1X49-D30
Juniper Junos 15.1X49-D20
Juniper Junos 15.1X49-D15
Juniper Junos 15.1X49-D10
Juniper Junos 15.1X49
Juniper Junos 12.3X48-D20
Juniper Junos 12.3X48-D15
Juniper Junos 12.3X48-D10
Juniper Junos 12.3X48
Juniper Junos 12.1X46-D66
Juniper Junos 12.1X46-D65
Juniper Junos 12.1X46-D60
Juniper Junos 12.1X46-D55
Juniper Junos 12.1X46-D51
Juniper Junos 12.1X46-D50
Juniper Junos 12.1X46-D46
Juniper Junos 12.1X46-D45
Juniper Junos 12.1X46-D40
Juniper Junos 12.1X46-D37
Juniper Junos 12.1X46-D36
Juniper Junos 12.1X46-D35
Juniper Junos 12.1X46-D30
Juniper Junos 12.1X46-D26
Juniper JUNOS 12.1X46-D25
Juniper Junos 12.1X46-D20.5
Juniper Junos 12.1X46-D20
Juniper Junos 12.1X46-D15
Juniper Junos 12.1X46-D10
Juniper Junos 12.1X46 D25
Juniper JUNOS 12.1X46 D20
Juniper JUNOS 12.1X46 D15
Juniper Junos 12.1X46 D10
Juniper JUNOS 12.1X46 -D10
Juniper Junos 12.1X46

- Unaffected program versions

Juniper Junos 15.1X49-D35
Juniper Junos 12.3X48-D25
Juniper Junos 12.1X46-D67

- Vulnerability discussion

Juniper Junos Space is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
