Juniper Networks CTPView HTTP Strict Transport Security Not Enforced Vulnerability

Vulnerability

A vulnerability exists in Juniper Networks CTPView server versions 7.3 prior to 7.3R7 and 9.1 prior to 9.1R3 because the server does not enforce HTTP Strict Transport Security (HSTS). Without HSTS, the system can be left open to downgrade attacks and SSL-stripping man-in-the-middle attacks, and has reduced protection against cookie hijacking.

Impact

The absence of HSTS can lead to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakened cookie-hijacking protections.

Remediation

Users can upgrade to CTPView versions 7.3R7-1, 9.1R3, or any subsequent release. For those on versions prior to 9.1R3, access lists or firewall filters can be used to restrict HTTP access to trusted administrative networks or hosts.
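
One way to confirm after an upgrade that the server's HTTPS responses carry an enforcing HSTS policy, shown as an added example (not Juniper's code, and not part of the original advisory). The directive parsing follows RFC 6797; the function name, the 180-day `min_age` threshold and both sample responses are assumptions constructed for illustration.

```python
import re

def evaluate_hsts(raw_headers, min_age=15552000):
    """Judge the HSTS policy in a raw HTTPS response header block.

    Returns (enforced, reason). min_age (180 days) is an assumed local
    policy threshold, not a value taken from the advisory.
    """
    values = []
    for line in raw_headers.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                                    # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    if not values:
        return False, "header missing"
    max_age = None
    # RFC 6797 section 8.1: only the first STS header field is processed.
    for directive in values[0].split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() != "max-age":
            continue                                 # includeSubDomains etc. are optional
        if max_age is not None:
            return False, "duplicate max-age"
        val = val.strip().strip('"')                 # the value may be a quoted-string
        if not re.fullmatch(r"[0-9]+", val):
            return False, "invalid max-age"
        max_age = int(val)
    if max_age is None:
        return False, "max-age missing"
    if max_age == 0:
        return False, "max-age=0 clears the policy"
    if max_age < min_age:
        return False, "max-age below threshold"
    return True, "max-age=%d" % max_age

# Constructed sample responses (not captured from a real CTPView server).
# Browsers honour HSTS only when it arrives over HTTPS, so feed this the
# headers of the HTTPS response, not those of a plain-HTTP redirect.
WITH_HSTS = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")
WITHOUT_HSTS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, response in (("with HSTS", WITH_HSTS), ("without HSTS", WITHOUT_HSTS)):
        print(label, evaluate_hsts(response))
```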

Added: Mar 11, 2026, 7:06 PM
Updated: Mar 11, 2026, 7:06 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 4.0
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.