fkie_cve-2014-6447
Vulnerability from fkie_nvd
Published
2020-02-11 17:15
Modified
2024-11-21 02:14
Severity ?
Summary
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682 | Vendor Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id/1032846 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032846 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:*",
"matchCriteriaId": "86141A33-344E-4152-8B76-2DB383954F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*",
"matchCriteriaId": "AC405A12-112D-4C9D-90DA-6ED484109793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*",
"matchCriteriaId": "3FC42F2D-7593-4DBE-AE89-A6B78E7F9089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*",
"matchCriteriaId": "731A6469-3DE0-491A-BCC5-7642FB347ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*",
"matchCriteriaId": "D12A8119-3E59-4062-9A04-1F6EA48B78E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*",
"matchCriteriaId": "E8B33B80-3189-4412-BFE0-359E755AB07A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*",
"matchCriteriaId": "C0E8F87E-DEB2-4849-ABB5-75A67CFD2D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:*",
"matchCriteriaId": "BDE231CE-0D93-4293-8720-4CCEE2EA651E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*",
"matchCriteriaId": "92F31F7F-02E0-4E63-A600-DF8AB4E3BAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
"matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
"matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
"matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
"matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*",
"matchCriteriaId": "ABBEDB3F-5FD1-4290-A80A-7EAD9B9C38C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*",
"matchCriteriaId": "181C0D30-4476-48EE-A4A4-3B2461F4AC20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x47:d15:*:*:*:*:*:*",
"matchCriteriaId": "63F559A2-2744-4771-9420-C70AA87496A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*",
"matchCriteriaId": "223C12D0-61A0-4C12-8AFC-A0CB64759A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "371A7DF8-3F4B-439D-8990-D1BC6F0C25C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "7CC3BCFD-2B0F-4994-9FE4-9D37FA85F1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "C6F309FD-0A5A-4C86-B227-B2B511A5CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "960059B5-0701-4B75-AB51-0A430247D9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*",
"matchCriteriaId": "1D1DCA52-DA81-495B-B516-5571F01E3B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*",
"matchCriteriaId": "05E187F6-BACD-4DD5-B393-B2FE4349053A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*",
"matchCriteriaId": "3C240840-A6BC-4E3D-A60D-22F08E67E2B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*",
"matchCriteriaId": "AC1FED64-8725-4978-9EBF-E3CD8EF338E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:13.1:-:*:*:*:*:*:*",
"matchCriteriaId": "67B3BF03-9919-4C12-97A3-B20161725F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "FCD4D8EB-8625-47CD-8F0E-D2FC8CAA5462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "A0150A4C-2C5A-49FC-8FB3-B93CB45B8284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "BFEB7A59-7536-4A92-A9C8-79FDE657B8AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "AD9ADCD2-DC32-4724-8324-60246E8BC953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.1:r4-s2:*:*:*:*:*:*",
"matchCriteriaId": "08BC545E-EBE1-45EB-9D1E-9CAEF52E7C6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "931D77A8-FA39-479E-91DB-CDDC9113252B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D3A0A607-7D3C-4F2A-B5F5-576A70649CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "32E9620A-7C0A-474C-919E-13609FFE580D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "672D3A38-92B4-4F33-82A6-B2D3F3403AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2:r4:*:*:*:*:*:*",
"matchCriteriaId": "F5C24441-6E9D-4EF7-8903-A109A52340C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2:r5:*:*:*:*:*:*",
"matchCriteriaId": "7CB98C4F-617F-4F51-A86E-D1EBE2BDE583",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:*",
"matchCriteriaId": "FE2FBBA2-6185-463F-96D3-9AB2C778B4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "3FF9FF91-9184-4D18-8288-9110E35F4AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.3:r10:*:*:*:*:*:*",
"matchCriteriaId": "CA058F8A-01BE-48EA-9E67-98FF069E78D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "0F2E537B-9504-4912-B231-0D83F4459469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "99A946CE-FFC7-4F16-82F4-795A6E5B84C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "4BCB3837-DCBC-4997-B63E-E47957584709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "09571E75-0EA2-4775-B1AB-CB0A0998F6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "9C778627-820A-48F5-9680-0205D6DB5EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA7F03DC-73A2-4760-B386-2A57E9C97E65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*",
"matchCriteriaId": "6FEF5DD8-B0B2-4ED2-B38F-CE870485AB8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:14.2:-:*:*:*:*:*:*",
"matchCriteriaId": "7887DC05-BEBE-4D7C-8F7A-C1A70237EE4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "285CD1E5-C6D3-470A-8556-653AFF74D0F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en el manejo de errores de Juniper Junos J-Web que pueden conllevar a problemas de tipo cross site scripting (XSS) o bloquear el servicio J-Web (DoS). Esto afecta a Juniper Junos OS versiones 12.1X44 anteriores a 12.1X44-D45, versiones 12.1X46 anteriores a 12.1X46-D30, versiones 12.1X47 anteriores a 12.1X47-D20, versiones 12.3 anteriores a 12.3R8, versiones 12.3X48 anteriores a 12.3X48-D10, versiones 13.1 anteriores a 13.1R5, versiones 13.2 anteriores a 13.2 R6, versiones 13.3 anteriores a 13.3R4, versiones 14.1 anteriores a 14.1R3, versiones 14.1X53 anteriores a 14.1X53-D10, versiones 14.2 anteriores a 14.2R1 y versiones 15.1 anteriores a 15.1R1."
}
],
"id": "CVE-2014-6447",
"lastModified": "2024-11-21T02:14:24.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T17:15:11.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032846"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…