Details of VAR-201601-0047

ID

VAR-201601-0047

CVE

CVE-2016-1258

TITLE

Juniper Junos OS of J-Web Used in Embedthis Appweb Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-001293

DESCRIPTION

Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors. Juniper Junos Embedthis Appweb Server is prone to a remote denial-of-service vulnerability. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. J-Web is one of the network management tools. Embedthis Software AppWeb is a fast and small Web server from Embedthis Software in the United States. It is mainly used for embedded applications, devices and Web services, and supports security defense strategies, digest authentication, virtual hosts, etc. A security vulnerability exists in Embedthis Software AppWeb used by J-Web in Juniper Networks Junos OS. The following versions are affected: Juniper Networks Junos OS prior to 12.1X44-D60, 12.1X46 prior to 12.1X46-D45, 12.1X47 prior to 12.1X47-D30, 12.3 prior to 12.3R10, 12.3X48 prior to 12.3X48-D20, 13.2 Version 13.2X51 before X51-D20, version 13.3 before 13.3R8, version 14.1 before 14.1R6, version 14.2 before 14.2R5

Trust: 1.98

sources: NVD: CVE-2016-1258 // JVNDB: JVNDB-2016-001293 // BID: 80741 // VULHUB: VHN-90077

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	13.2x51	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x47	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.2	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	eq	version:	14.2r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3x48-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.3r8	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2x51	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2x51-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d45	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3x48	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1r6	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x47-d30	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x47	Trust: 0.8
vendor:	juniper	model:	junos os 14.2r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 14.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 14.1r5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 14.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 14.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 14.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 13.3r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 13.3r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 13.3r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 13.3r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.3x48-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.3x48-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.3r9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.3r8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.3r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x47-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x47-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x47-d11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x47-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x44-d50	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x44-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d41	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 14.1r6	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 13.2x51-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.3x48-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.3r11	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.3r10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x47-d30	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x44-d60	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.2r5	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r8	scope:	ne	version:	-	Trust: 0.3

sources: BID: 80741 // JVNDB: JVNDB-2016-001293 // CNNVD: CNNVD-201601-338 // NVD: CVE-2016-1258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1258
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1258
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201601-338
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90077
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1258
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90077
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1258
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90077 // JVNDB: JVNDB-2016-001293 // CNNVD: CNNVD-201601-338 // NVD: CVE-2016-1258

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-90077 // JVNDB: JVNDB-2016-001293 // NVD: CVE-2016-1258

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-338

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201601-338

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001293

PATCH

title:	JSA10720	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10720	Trust: 0.8
title:	Juniper Networks Junos OS J-Web Embedthis Software AppWeb Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59656	Trust: 0.6

sources: JVNDB: JVNDB-2016-001293 // CNNVD: CNNVD-201601-338

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1258	Trust: 2.8
db:	JUNIPER	id:	JSA10720	Trust: 2.0
db:	SECTRACK	id:	1035116	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001293	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-338	Trust: 0.7
db:	SECUNIA	id:	68408	Trust: 0.6
db:	BID	id:	80741	Trust: 0.4
db:	VULHUB	id:	VHN-90077	Trust: 0.1

sources: VULHUB: VHN-90077 // BID: 80741 // JVNDB: JVNDB-2016-001293 // CNNVD: CNNVD-201601-338 // NVD: CVE-2016-1258

REFERENCES

url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10720	Trust: 1.6
url:	http://www.securitytracker.com/id/1035116	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1258	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1258	Trust: 0.8
url:	http://secunia.com/advisories/68408	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10720&actp=rss	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10720	Trust: 0.1

sources: VULHUB: VHN-90077 // BID: 80741 // JVNDB: JVNDB-2016-001293 // CNNVD: CNNVD-201601-338 // NVD: CVE-2016-1258

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 80741

SOURCES

db:	VULHUB	id:	VHN-90077
db:	BID	id:	80741
db:	JVNDB	id:	JVNDB-2016-001293
db:	CNNVD	id:	CNNVD-201601-338
db:	NVD	id:	CVE-2016-1258

LAST UPDATE DATE

2025-04-13T23:42:02.489000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90077	date:	2016-12-03T00:00:00
db:	BID	id:	80741	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-001293	date:	2016-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201601-338	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-1258	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90077	date:	2016-01-15T00:00:00
db:	BID	id:	80741	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-001293	date:	2016-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201601-338	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-1258	date:	2016-01-15T19:59:07.383