CVE-2014-6447
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
11/02/2020
Last modified:
25/02/2020
Description
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page