Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CTPView: HSTS not being enforced on CTPView server.
Vulnerability Description
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
Juniper Networks CtpView输入验证错误漏洞
Vulnerability Description
Juniper Networks CtpView是美国Juniper Networks公司的一个网络管理系统。用于管理人员能够在监控网络的同时部署电路。 CTPView server 中存在输入验证错误漏洞,该漏洞源于产品未执行HSTS检测方法。攻击者可通过该漏洞执行ssl剥离中间人攻击、降级攻击和弱cookie劫持保护。
CVSS Information
N/A
Vulnerability Type
N/A