Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1032846 | Third Party Advisory VDB Entry |
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Information
Published : 2020-02-11 09:15
Updated : 2020-02-25 08:48
NVD link : CVE-2014-6447
Mitre link : CVE-2014-6447
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
juniper
- junos