Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3417 (09/09/2021)

2 new signatures:

CRITICALHTTP:STC:ADOBE:CVE-2021-28639HTTP: Adobe Acrobat Reader DC Window Procedure WM_SETFOCUS Use After Free
HIGHHTTP:CTS:CONFLUENCE-DC-OGNL-INJHTTP: Atlassian Confluence Server and Data Center Webwork OGNL Injection


Details of the signatures included within this bulletin:

HTTP:STC:ADOBE:CVE-2021-28639 - HTTP: Adobe Acrobat Reader DC Window Procedure WM_SETFOCUS Use After Free

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • url: https://www.zerodayinitiative.com/advisories/ZDI-21-813/
  • cve: CVE-2021-28639

Affected Products:

  • Adobe acrobat_dc 15.008.20082-21.005.20054
  • Adobe acrobat_reader_dc 20.001.30005-20.004.30005
  • Adobe acrobat_dc 20.001.30005-20.004.30005
  • Adobe acrobat_reader_dc 17.011.30059-17.011.30197
  • Adobe acrobat_reader_dc 15.008.20082-21.005.20054
  • Adobe acrobat_dc 17.011.30059-17.011.30197

HTTP:CTS:CONFLUENCE-DC-OGNL-INJ - HTTP: Atlassian Confluence Server and Data Center Webwork OGNL Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Atlassian Confluence Server. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
  • url: https://jira.atlassian.com/browse/CONFSERVER-67940
  • cve: CVE-2021-26084

Affected Products:

  • Atlassian data_center 7.12.0
  • Atlassian confluence 6.14.0
  • Atlassian confluence 7.5.0
  • Atlassian confluence 7.12.0
  • Atlassian data_center 7.5.0
  • Atlassian confluence
  • Atlassian data_center 6.14.0
  • Atlassian data_center
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out