SynopsisThe remote device is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the remote Junos Space version is prior to 13.1R1.6. It is, therefore, affected by the following vulnerabilities :
- Multiple Vulnerabilities related to the included Apache HTTP server. (CVE-2011-3368, CVE-2011-4317, CVE-2012-0053)
- A cross-site scripting flaw within the web interface that allows a remote attacker, with a specially crafted request, to access sensitive information.
- A flaw exists with the access control implementation that allows a remote attacker with read-only privileges to change the device's configuration. (CVE-2013-5096)
- An information disclosure flaw exists that allows a remote attacker to obtain a list of users and their hashed passwords. (CVE-2013-5097)
SolutionUpgrade to Junos Space 13.1R1.6 or later.