Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2712

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2712
Last Modified 08 Oct 2015 10:50:40
Published 14 Apr 2014 11:09:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2712

Summary

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.

Vulnerable Systems

Operating System

  • Juniper Junos 10.0

  • Juniper Junos 10.4

  • Juniper Junos 11.4

  • Juniper Junos 12.1

  • Juniper Junos 12.1x44

  • Juniper Junos 12.1x45

  • Juniper Junos 12.1x46

  • Juniper Junos 12.2


References

CONFIRM - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521

SECTRACK - 1030058

BID - 66767


Last Updated: 27 May 2016 11:04:56